A critical bug in the Fluent Bit logging utility service has been discovered, named the 'Linguistic Lumberjack,' affecting major cloud platforms like AWS, Microsoft, and Google Cloud. The bug, present in versions 2.0
7 through 3.0.3, allows hackers to cause denial of service, data leaks, and remote code execution by manipulating the service's embedded HTTP server. Tenable researchers found that passing non-string values to a specific endpoint could lead to memory corruption issues, crashes, and potential data exposure. While an exploit for remote code execution would be complex to develop, organizations using Fluent Bit are advised to update to the patched version and review their configurations for monitoring APIs to restrict unauthorized access. https://www.darkreading.com/cloud-security/critical-bug-dos-rce-data-leaks-in-all-major-cloud-platforms