Years-old bugs in open source took out major clouds at risk • The Register (www.theregister.com)
from cm0002@suppo.fi to cybersecurity@infosec.pub on 25 Nov 04:50
https://suppo.fi/post/9183762

A series of “trivial-to-exploit” vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years, giving attackers an exploit chain to completely disrupt cloud services and alter data.

The Oligo Security research team found the five vulnerabilities and - in coordination with the project’s maintainers - on Monday published details about the bugs that allow attackers to bypass authentication, perform path traversal, achieve remote code execution, cause denial-of-service conditions, and manipulate tags.

#cybersecurity
