Security updates: Grafana and Log4j
Aiven's CISO recaps the recent vulnerabilities and what Aiven did about them. The company dealt with two major security issues - a path traversal vulnerability in Grafana and a Remote Code Execution (RCE) vulnerability in Log4j, also known as Log4Shell. Both issues represent some of the most interesting but also most painful kinds of security problems, ones that Aiven has seen before and will see again. The company's monitoring noted an increase in blind path traversal requests probing for the vulnerability starting on December 6th, while all Aiven services were remediated by December 11th - a period of just over 24 hours from awareness to remediation.
Company
Aiven
Date published
Dec. 20, 2021
Author(s)
James Arlen
Word count
1823
Language
English
Hacker News points
None found.