CVE-2021-4125

Sažetak

It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=2033121
https://access.redhat.com/security/cve/CVE-2021-44228
https://github.com/kube-reporting/hive/pull/71
https://access.redhat.com/security/cve/CVE-2021-4125
https://github.com/kube-reporting/hive/pull/73
https://github.com/kube-reporting/hive/pull/72
https://access.redhat.com/security/cve/CVE-2021-45046

CVSS

Base:	8.1
Impact:	5.9
Exploitability:	2.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	-

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

07-11-2023 - 03:40

Objavljeno

24-08-2022 - 16:15