Microsoft Azure, Google Cloud Platform, Amazon Web Services, and other major cloud providers and technology firms could be compromised in attacks leveraging the critical memory corruption flaw within the widely used logging and metrics software Fluent Bit, according to BleepingComputer.
Such a vulnerability, tracked as CVE-2024-4323 and also known as Linguistic Lumberjack, could be leveraged by threat actors to facilitate remote code execution and denial-of-service attacks, as well as data exfiltration activities, a report from Tenable revealed.
"The researchers believe that the most immediate and primary risks are those pertaining to the ease with which DoS and information leaks can be accomplished," said researchers.
Microsoft, Google, and Amazon have already been informed regarding the issue, which is expected to be fixed with Fluent Bit 3.0.4 release. Meanwhile, organizations using the vulnerable logging utility in their infrastructure have been urged to restrict Fluent Bit monitoring API access or deactivate the vulnerable API endpoint.
