{"containers": {"cna": {"affected": [{"product": "fluentd", "vendor": "fluent", "versions": [{"status": "affected", "version": ">= 0.14.14, < 1.14.2"}]}], "descriptions": [{"lang": "en", "value": "Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-29T13:40:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md"}], "source": {"advisory": "GHSA-hwhf-64mh-r662", "discovery": "UNKNOWN"}, "title": "ReDoS vulnerability in parser_apache2", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41186", "STATE": "PUBLIC", "TITLE": "ReDoS vulnerability in parser_apache2"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "fluentd", "version": {"version_data": [{"version_value": ">= 0.14.14, < 1.14.2"}]}}]}, "vendor_name": "fluent"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd)."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"name": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662", "refsource": "CONFIRM", "url": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"}, {"name": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142", "refsource": "MISC", "url": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142"}, {"name": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md", "refsource": "MISC", "url": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md"}]}, "source": {"advisory": "GHSA-hwhf-64mh-r662", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:08:31.511Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-41186", "datePublished": "2021-10-29T13:40:10", "dateReserved": "2021-09-15T00:00:00", "dateUpdated": "2024-08-04T03:08:31.511Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fluentd:fluentd:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AE50BF8-39BA-4467-AA78-83E6BDAD86FF", "versionEndIncluding": "1.14.1", "versionStartIncluding": "0.14.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd)."}, {"lang": "es", "value": "Fluentd recoge eventos de varias fuentes de datos y los escribe en archivos para ayudar a unificar la infraestructura de registro. El plugin parser_apache2 en Fluentd versiones v0.14.14 hasta v1.14.1 sufre una vulnerabilidad de denegaci\u00f3n de servicio de expresi\u00f3n regular (ReDoS). Un registro de apache roto con un determinado patr\u00f3n de cadena puede pasar demasiado tiempo en una expresi\u00f3n regular, resultando en un potencial de un ataque DoS. Este problema est\u00e1 parcheado en la versi\u00f3n 1.14.2. Se presentan dos soluciones disponibles. O bien no usar parser_apache2 para analizar los registros (que no pueden ser garantizados por Apache), o poner la versi\u00f3n parcheada de parser_apache2.rb en el directorio /etc/fluent/plugin (o cualquier otro directorio especificado por la variable de entorno \"FLUENT_PLUGIN\" o \"--plugin\" de fluentd)"}], "id": "CVE-2021-41186", "lastModified": "2024-11-21T06:25:42.890", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-29T14:15:07.730", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"}, {"source": "security-advisories@github.com", "tags": ["Broken Link"], "url": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "fluentd: ReDoS vulnerability in parser_apache2", "id": "2019184", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019184"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-400", "details": ["Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd)."], "name": "CVE-2021-41186", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Will not fix", "package_name": "openshift-logging/fluentd-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "fluentd", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Out of support scope", "package_name": "openshift4/ose-logging-fluentd", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Out of support scope", "package_name": "puppet-fluentd", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack-optools:10", "fix_state": "Out of support scope", "package_name": "fluentd", "product_name": "Red Hat OpenStack Platform 10 (Newton) Operational Tools"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "puppet-fluentd", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack-optools:13", "fix_state": "Out of support scope", "package_name": "fluentd", "product_name": "Red Hat OpenStack Platform 13 (Queens) Operational Tools"}], "public_date": "2021-10-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-41186\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41186\nhttps://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"], "statement": "The OpenShift Logging team does not configure to use the parser_apache2 plugin. Fixes for this vulnerbility will be delivered in a future fluentd update.", "threat_severity": "Moderate"}