Search criteria
3 vulnerabilities found for Fluentd by Cloud Native Computing Foundation (CNCF)
JVNDB-2017-010280
Vulnerability from jvndb - Published: 2017-12-11 14:13 - Updated:2017-12-11 14:13
Severity ?
Summary
Fluentd vulenrable to escape sequence injection
Details
Fluentd provided by Cloud Native Computing Foundation (CNCF) contains an escape sequence injection vulnerability.
Fluentd is an open source data collector provided by Cloud Native Computing Foundation (CNCF). The parse Filter Plugin for Fluentd contains an escape sequence injection vulnerability (CWE-150) due to a flaw in processing logs.
Teppei Fukuda reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
| Type | URL | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-010280.html",
"dc:date": "2017-12-11T14:13+09:00",
"dcterms:issued": "2017-12-11T14:13+09:00",
"dcterms:modified": "2017-12-11T14:13+09:00",
"description": "Fluentd provided by Cloud Native Computing Foundation (CNCF) contains an escape sequence injection vulnerability.\r\n\r\nFluentd is an open source data collector provided by Cloud Native Computing Foundation (CNCF). The parse Filter Plugin for Fluentd contains an escape sequence injection vulnerability (CWE-150) due to a flaw in processing logs.\r\n\r\nTeppei Fukuda reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-010280.html",
"sec:cpe": {
"#text": "cpe:/a:fluentd:fluentd",
"@product": "Fluentd",
"@vendor": "Cloud Native Computing Foundation (CNCF)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-010280",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU95124098/index.html",
"@id": "JVNVU#95124098",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10906",
"@id": "CVE-2017-10906",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10906",
"@id": "CVE-2017-10906",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/150.html",
"@id": "CWE-150",
"@title": "Improper Neutralization of Escape, Meta, or Control Sequences(CWE-150)"
}
],
"title": "Fluentd vulenrable to escape sequence injection"
}
CVE-2017-10906 (GCVE-0-2017-10906)
Vulnerability from cvelistv5 – Published: 2017-12-08 15:00 – Updated: 2024-08-05 17:50
VLAI?
Summary
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Escape Sequence Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloud Native Computing Foundation (CNCF) | Fluentd |
Affected:
0.12.29 through 0.12.40
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2225",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2225"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95124098/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/fluent/fluentd/pull/1733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fluentd",
"vendor": "Cloud Native Computing Foundation (CNCF)",
"versions": [
{
"status": "affected",
"version": "0.12.29 through 0.12.40"
}
]
}
],
"datePublic": "2017-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escape Sequence Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-20T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "RHSA-2018:2225",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2225"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU95124098/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fluent/fluentd/pull/1733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fluentd",
"version": {
"version_data": [
{
"version_value": "0.12.29 through 0.12.40"
}
]
}
}
]
},
"vendor_name": "Cloud Native Computing Foundation (CNCF)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escape Sequence Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2225",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2225"
},
{
"name": "https://jvn.jp/en/vu/JVNVU95124098/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU95124098/index.html"
},
{
"name": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes",
"refsource": "CONFIRM",
"url": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes"
},
{
"name": "https://github.com/fluent/fluentd/pull/1733",
"refsource": "CONFIRM",
"url": "https://github.com/fluent/fluentd/pull/1733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10906",
"datePublished": "2017-12-08T15:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10906 (GCVE-0-2017-10906)
Vulnerability from nvd – Published: 2017-12-08 15:00 – Updated: 2024-08-05 17:50
VLAI?
Summary
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Escape Sequence Injection
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloud Native Computing Foundation (CNCF) | Fluentd |
Affected:
0.12.29 through 0.12.40
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2225",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2225"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95124098/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/fluent/fluentd/pull/1733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fluentd",
"vendor": "Cloud Native Computing Foundation (CNCF)",
"versions": [
{
"status": "affected",
"version": "0.12.29 through 0.12.40"
}
]
}
],
"datePublic": "2017-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escape Sequence Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-20T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "RHSA-2018:2225",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2225"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU95124098/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fluent/fluentd/pull/1733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fluentd",
"version": {
"version_data": [
{
"version_value": "0.12.29 through 0.12.40"
}
]
}
}
]
},
"vendor_name": "Cloud Native Computing Foundation (CNCF)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escape Sequence Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2225",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2225"
},
{
"name": "https://jvn.jp/en/vu/JVNVU95124098/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU95124098/index.html"
},
{
"name": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes",
"refsource": "CONFIRM",
"url": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes"
},
{
"name": "https://github.com/fluent/fluentd/pull/1733",
"refsource": "CONFIRM",
"url": "https://github.com/fluent/fluentd/pull/1733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10906",
"datePublished": "2017-12-08T15:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}