Back to search
CVE-2021-4125
Published: Aug 24, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.
| Vendor | Product | Versions |
|---|---|---|
n/a | kube-reporting/hive | affected Fixed in v4.8, v4.7 and v4.6 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=2033121
x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2021-4125
x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2021-44228
x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2021-45046
x_refsource_MISC
https://github.com/kube-reporting/hive/pull/71
x_refsource_MISC
https://github.com/kube-reporting/hive/pull/72
x_refsource_MISC
https://github.com/kube-reporting/hive/pull/73
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now