
NR25-01 - Fluent Bit Plugins (CVE-2024-50608 & CVE-2024-50609)

Vulnerability Identifier: NR25-01

Priority: High

Summary

By default New Relic does not include or enable the specific plugins that are affected by security vulnerabilities identified in certain versions of Fluent Bit. The specific plugins are:

However, to support customers that have enabled these optional plugins, we recommend that customers upgrade to the latest available versions of these packages:

  • Infrastructure Agent - Windows
  • Infrastructure Agent - Linux
  • Kubernetes Plugin
  • New Relic Fluent Bit Output Plugin Docker Image

Action required

New Relic strongly advises our customers who are using the aforementioned log forwarding instrumentation to take immediate action as follows. If you are unable to upgrade to Fluent Bit v3.2.7, we recommend disabling the affected plugins specified above.

Solution

Action Required

Infrastructure agent - Windows

Upgrade the Infrastructure agent to version 1.62.0 or later

Infrastructure agent - Linux

Upgrade the Infrastructure agent to version 1.62.0 or later AND update Fluent Bit to version 3.2.7 or later

Kubernetes Plugin

Upgrade using either newrelic-logging-1.26.1 or nri-bundle-5.0.115

New Relic Fluent Bit Output Plugin Docker Image

Update to version 2.3.0

New Relic has provided the following resources to assist with these updates:

Frequently Asked Questions

  1. How can I find out if I’m using the vulnerable plugins?

    New Relic's default Fluent Bit configuration does not include the vulnerable plugins. If you have amended your Fluent Bit configuration post-installation and included the OpenTelemetry input plugin and/or the Prometheus Remote Write input plugin, any version of Fluent Bit installed in your environment is vulnerable. Follow the instructions to upgrade all your log forwarding instrumentation immediately.

  2. I am using the Infrastructure Agent but have disabled log forwarding. Am I impacted?

    If you previously used New Relic log forwarding instrumentation (listed above), and used the affected plugins, you might still be impacted. New Relic recommends that you upgrade your agents, or at minimum disable the affected plugins.

    Additionally, New Relic recommends that all customers identify any other uses of Fluent Bit in their environments and update them to at least version 3.2.7.

  3. Once I update to the latest versions of the listed log forwarding services, do I have to do anything else?

    Yes, but only if you are running Infrastructure agents on Linux hosts. If you are running the Linux Infrastructure agent, you will also need to update Fluent Bit within your environment to version 3.2.7 or later.

  4. How can I find out which Fluent Bit version I’m using?


Agent

Steps

Infra agent and standalone Fluent Bit

  • For your Infrastructure agents, navigate to the Infrastructure Inventory UI and search for Fluent Bit.

  • Run the following NRQL query: FROM Log select count(*) where (plugin.type like '%fluent%' or plugin.source like '%fluent%' or plugin.source like '%-fb-%') facet plugin.type, plugin.source, plugin.version

    Then, check which Fluent Bit version was installed with the output plugin.

Kubernetes

  • For New Relic Logging Helm chart version 1.25.0 or higher, navigate to the Installed tab and search for Fluent Bit in the entities field.

  • Otherwise, run the following NRQL query: FROM K8sContainerSample select latest(containerImage) Where podName like '%newrelic-logging%' FACET clusterName

    Then, check which Fluent Bit version was installed with the output plugin.
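For hosts where the Fluent Bit configuration was edited after installation, the checks from questions 1 and 4 can be scripted. The following is an added example, not New Relic code: it assumes a classic-mode (INI-style) configuration, assumes the affected inputs appear under the names opentelemetry and prometheus_remote_write, does not follow @INCLUDE directives, and uses a constructed sample configuration and version string.

```python
import re

# Assumed classic-mode names of the OpenTelemetry and Prometheus Remote Write inputs.
AFFECTED_INPUTS = {"opentelemetry", "prometheus_remote_write"}
FIXED_VERSION = (3, 2, 7)  # fixed Fluent Bit release named in this bulletin

def affected_inputs(config_text):
    """Return affected plugin names enabled in [INPUT] sections of a classic config."""
    found, section = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out settings are not active
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1).upper()
            continue
        parts = line.split(None, 1)
        # Only INPUT sections count: an output plugin with the same name is not flagged.
        if section == "INPUT" and len(parts) == 2 and parts[0].lower() == "name":
            name = parts[1].strip().lower()
            if name in AFFECTED_INPUTS:
                found.append(name)
    return found

def is_fixed(version_string):
    """True if the version in the string is 3.2.7 or later (numeric comparison)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError(f"no version found in {version_string!r}")
    return tuple(int(x) for x in m.groups()) >= FIXED_VERSION

def needs_action(config_text, version_string):
    """An affected input is enabled and Fluent Bit is older than the fixed release."""
    return bool(affected_inputs(config_text)) and not is_fixed(version_string)

# Constructed sample configuration (not taken from the bulletin).
SAMPLE_CONFIG = """
[INPUT]
    Name tail
    Path /var/log/app.log
[INPUT]
    Name  opentelemetry
    Listen 0.0.0.0
# [INPUT]
#     Name prometheus_remote_write
[OUTPUT]
    Name newrelic
"""
```

Pass the text of each Fluent Bit configuration file and the installed version string to needs_action; a True result means the host should be upgraded or the listed inputs disabled.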

Supporting Release Notes

Fluent Bit release notes

Infrastructure Release Notes

Fluent Bit Output Plugin Release Notes

Technical vulnerability information

CVE-2024-50608

CVE-2024-50609

Fluent Bit 3.2.7 Release Notes

Publication History

March 1, 2025 - NR25-01 Published

Copyright © 2025 New Relic Inc.
