CVE-2021-4125
HIGH
OpenShift 4.6.0-4.6.51 - Deserialization of Untrusted Data in Metering Hive Container
Title source: llm
Description
It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.
References (7)
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2033121
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/CVE-2021-4125
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/CVE-2021-44228
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/CVE-2021-45046
Third Party Advisory x_refsource_misc
https://github.com/kube-reporting/hive/pull/71
Third Party Advisory x_refsource_misc
https://github.com/kube-reporting/hive/pull/72
Third Party Advisory x_refsource_misc
https://github.com/kube-reporting/hive/pull/73
Scores
CVSS v3
8.1
EPSS
0.0237
EPSS Percentile
85.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-502
CWE-20
Status
published
Products (1)
redhat/openshift
4.6.0 - 4.6.52
Published
Aug 24, 2022
Tracked Since
Feb 18, 2026