CVE-2021-4047 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Openshift	4.9

Related Weaknesses (CWE)

CWE-20

References

https://bugzilla.redhat.com/show_bug.cgi?id=2027881Issue TrackingVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2027881Issue TrackingVendor Advisory

FAQ

What is CVE-2021-4047?

CVE-2021-4047 is a vulnerability with a CVSS score of 7.5 (HIGH). The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.

How severe is CVE-2021-4047?

CVE-2021-4047 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-4047?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift.