AIKIDO-2024-10425
fluent.fluent-bit is vulnerable to Improper Authentication
88
High
fluent.fluent-bit c++
AIKIDO-2024-10425: fluent.fluent-bit is vulnerable to Improper Authentication in versions 3.0.0 - 3.1.9.
Improper Authentication
Vuln in 3.0.0 - 3.1.9
Fixed in 3.1.10
No CVE available
TL;DR
Affected versions of the package are vulnerable to improper authentication in the Forward plugin. It is possible for an attacker to tamper with the shared_key_digest because there is a check based on shared_key_digest_len.
Who does this affect?
You're affected if you are using a version which is within vulnerability ranges.
How can it be fixed?
Upgrade fluent.fluent-bit library to patch version.
Background info
Don’t be left in the dark
With in-house intel and access to top vulnerability databases, see it all with Aikido.
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium
🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US