CVE-2021-4125
Summary
| CVE | CVE-2021-4125 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-24 16:15:00 UTC |
| Updated | 2023-11-07 03:40:00 UTC |
| Description | It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6. |
Risk And Classification
Problem Types: CWE-502
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| [release-4.8] Bug 2033124: Account for non-log4j-core-* JAR filenames by timflannagan · Pull Request #71 · kube-reporting/hive · GitHub | MISC | github.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| 2033121 – (CVE-2021-4125) CVE-2021-4125 kube-reporting/hive: Incomplete fix for log4j CVE-2021-44228 and CVE-2021-45046 | MISC | bugzilla.redhat.com | |
| [release-4.7] Dockerfile: Account for non-log4j-core-* JAR filenames by timflannagan · Pull Request #72 · kube-reporting/hive · GitHub | MISC | github.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| [release-4.6] Dockerfile: Account for non-log4j-core-* JAR filenames by timflannagan · Pull Request #73 · kube-reporting/hive · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |