RCE – Fluent Bit (CVE-2024-4323) “Linguistic Lumberjack”. Fluent Bit is a multi-platform open source tool for collecting and processing logs. It is easy to use, scales well, and can handle large amounts of data. Fluent Bit is often used in the infrastructures of large companies, especially in the infrastructures of cloud providers.
The vulnerability discovered by Tenable Research is related to memory corruption in the built-in Fluent Bit HTTP server. This HTTP server is used to monitor the status of Fluent Bit: uptime, plugin metrics, health checks, etc. Certain unauthenticated requests to the server API may result in denial of service (DoS), information leakage, or remote code execution (RCE). According to researchers, making a reliable RCE exploit will not be easy, but the PoC for DoS is already publicly available and, perhaps, it will be converted into RCE.
The fix is expected in version 3.0.4.