Fluent Bit Tag Manipulation Vulnerability in Input Plugins

Vulnerability

A vulnerability exists in the Fluent Bit input plugins for HTTP, Splunk, and Elasticsearch, all in version 4.1.0. The issue arises from improper validation of the tag_key, which fails to enforce precise key-length matching. This flaw allows a remote attacker with authenticated or exposed access to these input endpoints to craft inputs that manipulate tags, redirecting records to unintended destinations. As a result, the authenticity of the ingested logs is compromised, potentially leading to the injection of false data, flooding alerts, and disrupting routing processes.
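The class of flaw described above, as an added example that is not Fluent Bit's code: a key comparison bounded by only one side's length, next to a check that requires equal lengths first. The function names, the sample record, and the choice of the record key's length as the bound are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Record keys are (pointer, length) pairs; they are not NUL-terminated. */
struct kv { const char *key; size_t key_len; const char *val; };

/* Weak check (assumed shape): compares only key_len bytes, so any record
 * key that is a prefix of the configured tag_key, or empty, matches. */
static bool key_matches_weak(const char *tag_key, const char *key, size_t key_len)
{
    return strncmp(tag_key, key, key_len) == 0;
}

/* Hardened check: lengths must be equal before the bytes are compared. */
static bool key_matches_strict(const char *tag_key, const char *key, size_t key_len)
{
    return strlen(tag_key) == key_len && memcmp(tag_key, key, key_len) == 0;
}

/* Returns the value of the first key accepted as tag_key, or NULL. */
static const char *select_tag(const char *tag_key, const struct kv *rec,
                              size_t n, bool strict)
{
    for (size_t i = 0; i < n; i++) {
        bool hit = strict
            ? key_matches_strict(tag_key, rec[i].key, rec[i].key_len)
            : key_matches_weak(tag_key, rec[i].key, rec[i].key_len);
        if (hit)
            return rec[i].val;
    }
    return NULL;
}

/* Constructed sample record: the one-byte key "t" precedes the real key. */
static const struct kv sample_record[] = {
    { "t",      1, "other.route" },
    { "msg",    3, "hello"       },
    { "tenant", 6, "app.web"     },
};

int main(void)
{
    printf("weak:   %s\n", select_tag("tenant", sample_record, 3, false));
    printf("strict: %s\n", select_tag("tenant", sample_record, 3, true));
    return 0;
}
```

With the weak comparison the record is tagged from the wrong field, so routing rules that match on the tag apply to a value the operator never designated as the tag source.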

Impact

Exploitation of this vulnerability could result in unauthorized manipulation of log tags, allowing for misdirection of log records and injection of fraudulent data into the system. This could create a false sense of activity through alert flooding and disrupt normal log routing processes, causing potential oversight of critical events.

Added: Nov 24, 2025, 3:17 PM
Updated: Nov 24, 2025, 4:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.