Description
It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.
Report
This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6. The below previously shipped advisories were incomplete:
https://access.redhat.com/errata/RHSA-2021:5108
https://access.redhat.com/errata/RHSA-2021:5107
https://access.redhat.com/errata/RHSA-2021:5106
For the complete fix, customers should upgrade to the images shipped in these advisories:
4.8.24: https://access.redhat.com/errata/RHSA-2021:5183
4.7.40: https://access.redhat.com/errata/RHSA-2021:5184
4.6.52: https://access.redhat.com/errata/RHSA-2021:5186
The OpenShift Metering hive container images were deprecated in OpenShift 4.8, and not shipped in 4.9 or later.
Mitigation
Please follow the Mitigation advice for the original CVEs.
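The incomplete removal described above can be checked for directly. The following is an added example, not code from the advisory or from Red Hat: it lists every remaining JndiLookup.class in an unpacked image filesystem, and goes beyond the advisory text by also descending into archives nested inside other archives (an assumption about where a leftover copy could sit). All file names in the sample are constructed.

```python
import io
import os
import zipfile

TARGET = "JndiLookup.class"  # class the original fix was meant to remove
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

def scan_archive(data, label, max_depth=5):
    """Return the path of every JndiLookup.class in an archive, nested ones included."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name.rsplit("/", 1)[-1] == TARGET:
                    hits.append(f"{label}!/{name}")
                elif name.lower().endswith(ARCHIVE_EXT) and max_depth > 0:
                    hits += scan_archive(zf.read(name), f"{label}!/{name}", max_depth - 1)
    except zipfile.BadZipFile:
        pass  # not a readable archive, nothing to report
    return hits

def scan_tree(root):
    """Walk an unpacked image filesystem; check loose class files and every archive."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            if fname == TARGET:
                hits.append(path)
            elif fname.lower().endswith(ARCHIVE_EXT):
                with open(path, "rb") as fh:
                    hits += scan_archive(fh.read(), path)
    return hits

def make_jar(entries):
    """Build an in-memory jar from {name: bytes}; used only for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample: one jar was cleaned, a bundled jar still carries the class.
sample = make_jar({
    "lib/log4j-core.jar": make_jar({"org/apache/logging/log4j/core/Logger.class": b"x"}),
    "lib/bundled-uber.jar": make_jar({"org/apache/logging/log4j/core/lookup/JndiLookup.class": b"x"}),
})

if __name__ == "__main__":
    print("\n".join(scan_archive(sample, "sample.jar")) or "clean")
```

An empty result from `scan_tree` on the extracted image root means no copy of the class was found in the file types it inspects.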
Additional information
Status:
EPSS
CVSS3: 8.1 High