7.5
CVE-2026-44025
- EPSS 0.48%
- Veröffentlicht 08.07.2026 21:23:16
- Zuletzt bearbeitet 10.07.2026 19:01:51
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Fluentd: Exposure of Sensitive Information via Monitor Agent API
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's Monitor Agent plugin in_monitor_agent exposes internal metrics and plugin information via a REST API, and responses from /api/plugins.json and related endpoints unintentionally include internal instance variables that may contain database passwords, API keys, or cloud credentials. This issue is fixed in version 1.19.3.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellerfluent
≫
Produkt
fluentd
Version
< 1.19.3
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.382 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
https://github.com/fluent/fluentd/releases/tag/v1.19.3
https://github.com/fluent/fluentd/security/advisories/GHSA-pr7j-96cj-549h
https://github.com/fluent/fluentd/pull/5392
https://github.com/fluent/fluentd/commit/990921518971699b9a97441970674d1800e29177