recent log4j vulnerability status #171

iDmple · 2021-12-13T19:07:16Z

iDmple
Dec 13, 2021

Hi,

can we can any info on whether RADAR-Kubernetes is affected by the vulnerability and an ETA on a fix if yes?

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

Thanks

Answered by nivemaham

Jan 6, 2022

@iDmple The Log4j issues have been resolved with #173. Please read the report for the details of patches applied

View full answer

iDmple · 2021-12-14T08:42:39Z

iDmple
Dec 14, 2021
Author

I can confirm that RADAR-Kubernetes is vulnerable at least through graylog. Can we have an ETA on a fix? In the meantime our machines will stay offline and we won't be able to progress.

/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/b0b351e68c99d28be2682b4e9d53be0934af6120d31ed326337570ef778854c4/rootfs/usr/share/graylog/data/config/log4j2.xml
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/402a2a816dad4a100370483949f99746b0bdad26b8e610527d99c20f06c64950/rootfs/usr/share/elasticsearch/config/log4j2.file.properties
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/402a2a816dad4a100370483949f99746b0bdad26b8e610527d99c20f06c64950/rootfs/usr/share/elasticsearch/config/log4j2.properties
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/402a2a816dad4a100370483949f99746b0bdad26b8e610527d99c20f06c64950/rootfs/usr/share/elasticsearch/lib/log4j-api-2.11.1.jar
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/402a2a816dad4a100370483949f99746b0bdad26b8e610527d99c20f06c64950/rootfs/usr/share/elasticsearch/lib/log4j-core-2.11.1.jar
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/402a2a816dad4a100370483949f99746b0bdad26b8e610527d99c20f06c64950/rootfs/usr/share/elasticsearch/modules/x-pack-core/log4j-1.2-api-2.11.1.jar
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/402a2a816dad4a100370483949f99746b0bdad26b8e610527d99c20f06c64950/rootfs/usr/share/elasticsearch/modules/x-pack-identity-provider/log4j-slf4j-impl-2.11.1.jar
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/402a2a816dad4a100370483949f99746b0bdad26b8e610527d99c20f06c64950/rootfs/usr/share/elasticsearch/modules/x-pack-security/log4j-slf4j-impl-2.11.1.jar
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/118947cf577f32c07b7493b1deefe7707c7f69d992a94473e864c7fb6ab353b5/rootfs/usr/share/elasticsearch/config/log4j2.file.properties
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/118947cf577f32c07b7493b1deefe7707c7f69d992a94473e864c7fb6ab353b5/rootfs/usr/share/elasticsearch/config/log4j2.properties
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/118947cf577f32c07b7493b1deefe7707c7f69d992a94473e864c7fb6ab353b5/rootfs/usr/share/elasticsearch/lib/log4j-api-2.11.1.jar
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/118947cf577f32c07b7493b1deefe7707c7f69d992a94473e864c7fb6ab353b5/rootfs/usr/share/elasticsearch/lib/log4j-core-2.11.1.jar
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/118947cf577f32c07b7493b1deefe7707c7f69d992a94473e864c7fb6ab353b5/rootfs/usr/share/elasticsearch/modules/x-pack-core/log4j-1.2-api-2.11.1.jar
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/118947cf577f32c07b7493b1deefe7707c7f69d992a94473e864c7fb6ab353b5/rootfs/usr/share/elasticsearch/modules/x-pack-identity-provider/log4j-slf4j-impl-2.11.1.jar
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/118947cf577f32c07b7493b1deefe7707c7f69d992a94473e864c7fb6ab353b5/rootfs/usr/share/elasticsearch/modules/x-pack-security/log4j-slf4j-impl-2.11.1.jar
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/c2a54cdeb64b3796599ca42e9ace2e67a1669d38403da2380d6ae861ff79e3c8/rootfs/usr/share/elasticsearch/config/log4j2.file.properties
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/c2a54cdeb64b3796599ca42e9ace2e67a1669d38403da2380d6ae861ff79e3c8/rootfs/usr/share/elasticsearch/config/log4j2.properties
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/c2a54cdeb64b3796599ca42e9ace2e67a1669d38403da2380d6ae861ff79e3c8/rootfs/usr/share/elasticsearch/lib/log4j-api-2.11.1.jar
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/c2a54cdeb64b3796599ca42e9ace2e67a1669d38403da2380d6ae861ff79e3c8/rootfs/usr/share/elasticsearch/lib/log4j-core-2.11.1.jar
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/c2a54cdeb64b3796599ca42e9ace2e67a1669d38403da2380d6ae861ff79e3c8/rootfs/usr/share/elasticsearch/modules/x-pack-core/log4j-1.2-api-2.11.1.jar
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/c2a54cdeb64b3796599ca42e9ace2e67a1669d38403da2380d6ae861ff79e3c8/rootfs/usr/share/elasticsearch/modules/x-pack-identity-provider/log4j-slf4j-impl-2.11.1.jar
/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io/c2a54cdeb64b3796599ca42e9ace2e67a1669d38403da2380d6ae861ff79e3c8/rootfs/usr/share/elasticsearch/modules/x-pack-security/log4j-slf4j-impl-2.11.1.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/286/fs/etc/kafka/log4j.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/286/fs/usr/share/java/kafka/log4j-1.2.17.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/287/fs/etc/confluent/docker/log4j.properties.template
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/262/fs/etc/kafka/log4j.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/262/fs/usr/share/java/kafka/log4j-1.2.17.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/263/fs/etc/confluent/docker/log4j.properties.template
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/304/fs/etc/confluent-control-center/log4j-rolling.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/304/fs/etc/confluent-control-center/log4j-silent.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/304/fs/etc/confluent-control-center/log4j.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/304/fs/etc/confluent-rebalancer/log4j.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/304/fs/etc/schema-registry/log4j.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/304/fs/usr/share/java/confluent-control-center/log4j-1.2.17.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/304/fs/usr/share/java/confluent-rebalancer/log4j-1.2.17.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/304/fs/usr/share/java/schema-registry/log4j-1.2.17.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/63/fs/usr/share/elasticsearch/config/log4j2.file.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/63/fs/usr/share/elasticsearch/config/log4j2.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/63/fs/usr/share/elasticsearch/lib/log4j-api-2.11.1.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/63/fs/usr/share/elasticsearch/lib/log4j-core-2.11.1.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/63/fs/usr/share/elasticsearch/modules/x-pack-core/log4j-1.2-api-2.11.1.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/63/fs/usr/share/elasticsearch/modules/x-pack-identity-provider/log4j-slf4j-impl-2.11.1.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/63/fs/usr/share/elasticsearch/modules/x-pack-security/log4j-slf4j-impl-2.11.1.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/146/fs/usr/share/graylog/data/config/log4j2.xml
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/147/fs/usr/share/graylog/data/config/log4j2.xml
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/307/fs/etc/confluent/docker/log4j.properties.template
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/325/fs/usr/lib/log4j-api-2.14.1.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/325/fs/usr/lib/log4j-core-2.14.1.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/325/fs/usr/lib/log4j-jul-2.14.1.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/325/fs/usr/lib/log4j-slf4j-impl-2.14.1.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2425/fs/usr/lib/log4j-1.2.17.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2464/fs/etc/kafka/log4j.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2465/fs/etc/confluent/docker/log4j.properties.template
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2466/fs/etc/confluent-control-center/log4j-rolling.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2466/fs/etc/confluent-control-center/log4j-silent.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2466/fs/etc/confluent-control-center/log4j.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2466/fs/etc/confluent-hub-client/log4j.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2466/fs/etc/confluent-rebalancer/log4j.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2466/fs/etc/schema-registry/log4j.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2467/fs/etc/confluent/docker/log4j.properties.template
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2311/fs/etc/kafka/log4j.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2311/fs/usr/share/java/kafka/log4j-1.2.17.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2316/fs/etc/confluent/docker/log4j.properties.template
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2317/fs/etc/confluent-control-center/log4j-rolling.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2317/fs/etc/confluent-control-center/log4j-silent.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2317/fs/etc/confluent-control-center/log4j.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2317/fs/etc/confluent-hub-client/log4j.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2317/fs/etc/confluent-rebalancer/log4j.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2317/fs/etc/schema-registry/log4j.properties
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2317/fs/usr/share/java/confluent-control-center/log4j-1.2.17.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2317/fs/usr/share/java/confluent-hub-client/log4j-1.2.17.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2317/fs/usr/share/java/confluent-rebalancer/log4j-1.2.17.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2317/fs/usr/share/java/schema-registry/log4j-1.2.17.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2335/fs/usr/lib/log4j-api-2.14.1.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2335/fs/usr/lib/log4j-core-2.14.1.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2335/fs/usr/lib/log4j-jul-2.14.1.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2335/fs/usr/lib/log4j-slf4j-impl-2.14.1.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2338/fs/etc/confluent/docker/log4j.properties.template
/var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/2420/fs/usr/share/kafka-connect/plugins/confluentinc-kafka-connect-s3/lib/log4j-1.2.17.jar
/var/lib/rancher/k3s/agent/containerd/io.containerd.grpc.v1.cri/containers/b0b351e68c99d28be2682b4e9d53be0934af6120d31ed326337570ef778854c4/volumes/262f8980aba22d29a1b14e2c36a4fe1d8228aa29a84777d1f3611549778a58f0/config/log4j2.xml
/var/lib/rancher/k3s/agent/containerd/io.containerd.grpc.v1.cri/containers/3022d1a92c1a496602223f29af30c10224d6addd5a49b35f58b24494ff71f8a7/volumes/430e692f51bc376b2d1a9ec9a7c57bf038e9bbd63c130b7f8d63fcdb7d106590/config/log4j2.xml
/var/lib/kubelet/pods/dd964165-56d7-4870-995f-2057b5fd33cd/volumes/kubernetes.io~configmap/config/..2021_12_10_16_07_22.103448570/log4j2.xml
/var/lib/kubelet/pods/dd964165-56d7-4870-995f-2057b5fd33cd/volumes/kubernetes.io~configmap/config/log4j2.xml

0 replies

nivemaham · 2021-12-14T09:11:36Z

nivemaham
Dec 14, 2021

Hi all, RADAR-Kubernetes is vulnerable to the log4shell vulnerability. We are working on fixes. We don't have an ETA on this. We hope to provide the fix ASAP. We suggest to turn off your infrastructure or manually apply the mitigations on all pods that uses Java.

0 replies

iDmple · 2022-01-06T09:11:07Z

iDmple
Jan 6, 2022
Author

Just to confirm, is this fixed? Thanks!

0 replies

nivemaham · 2022-01-06T09:50:25Z

nivemaham
Jan 6, 2022

@iDmple The Log4j issues have been resolved with #173. Please read the report for the details of patches applied

0 replies

iDmple · 2022-01-07T09:23:25Z

iDmple
Jan 7, 2022
Author

Perfect thanks!

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

recent log4j vulnerability status #171

{{title}}

Replies: 5 comments

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

recent log4j vulnerability status #171

iDmple Dec 13, 2021

Replies: 5 comments

iDmple Dec 14, 2021 Author

nivemaham Dec 14, 2021

iDmple Jan 6, 2022 Author

nivemaham Jan 6, 2022

iDmple Jan 7, 2022 Author

iDmple
Dec 13, 2021

iDmple
Dec 14, 2021
Author

nivemaham
Dec 14, 2021

iDmple
Jan 6, 2022
Author

nivemaham
Jan 6, 2022

iDmple
Jan 7, 2022
Author