
Years-old bugs in open source tool left every major cloud open to disruption


A series of "trivial-to-exploit" vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years, giving attackers an exploit chain to completely disrupt cloud services and alter data.

The Oligo Security research team found the five vulnerabilities and, in coordination with the project's maintainers, on Monday published details about the bugs, which allow attackers to bypass authentication, perform path traversal, achieve remote code execution, cause denial-of-service conditions, and manipulate tags.

Updating to the latest stable version, v4.1.1 / 4.0.12, fixes the flaws.

Fluent Bit, an open source project maintained by Chronosphere, is used by major cloud providers and tech giants, including Google, Amazon, Oracle, IBM, and Microsoft, to collect and route data. 

It's a lightweight telemetry data agent and processor for logs, metrics, and traces, and it has more than 15 billion ...


Copyright of this story solely belongs to theregister.co.uk.