Fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
CVE-2022-39379

3.1LOW

Key Information:

Vendor: Fluent
Status: Fluentd
Vendor: CVE Published:; 2 November 2022

What is CVE-2022-39379?

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable FLUENT_OJ_OPTION_MODE is explicitly set to object. Please note: The option FLUENT_OJ_OPTION_MODE was introduced in Fluentd version 1.13.2. Earlier versions of Fluentd are not affected by this vulnerability. This issue was patched in version 1.15.3. As a workaround do not use FLUENT_OJ_OPTION_MODE=object.

Affected Version(s)

fluentd >= 1.13.2, < 1.15.3

References

https://github.com/fluent/fluentd/security/advisories/GHS...

https://github.com/fluent/fluentd/commit/48e5b85dab1b6d4c...

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2022
Vulnerability Reserved
Sep 2, 2022

JSON