Back to bug 2030932
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Wade Mealing | 2021-12-10 02:02:48 UTC | Blocks | 2030930 | |
| Ted Jongseok Won | 2021-12-10 03:13:04 UTC | Fixed In Version | log4j-2.15.0-rc1 | |
| Huzaifa S. Sidhpurwala | 2021-12-10 03:24:47 UTC | CC | dbhole, devrim, hhorak, java-sig-commits, jorton, sergio | |
| Huzaifa S. Sidhpurwala | 2021-12-10 03:25:11 UTC | Depends On | 2030945 | |
| Ted Jongseok Won | 2021-12-10 04:02:44 UTC | Summary | apache-log4j: Remote code execution in log4j when logs contain an attacker-controlled string value. | log4j-core: Remote code execution in Log4j 2 when logs contain an attacker-controlled string value. |
| Ted Jongseok Won | 2021-12-10 04:04:42 UTC | CC | chazlett, jochrist, jross, jwon | |
| Ted Jongseok Won | 2021-12-10 04:05:20 UTC | CC | swoodman | |
| Ted Jongseok Won | 2021-12-10 04:06:18 UTC | CC | pjindal | |
| Ted Jongseok Won | 2021-12-10 04:07:01 UTC | CC | asoldano, atangrin, bbaranow, bmaxwell, brian.stansberry, cdewolf, darran.lofthouse, dkreling, dosoudil, eleandro, fjuma, iweiss, jpallich, jperkins, krathod, kwills, lgao, msochure, msvehla, nwallace, pmackay, rguimara, rstancel, rsvoboda, smaestri, tom.jenkinson, yborgess | |
| Ted Jongseok Won | 2021-12-10 04:07:36 UTC | CC | aileenc, drieden, ggaughan, gmalinko, janstey, pdelbell | |
| Ted Jongseok Won | 2021-12-10 04:16:53 UTC | CC | bibryam, hbraun, pantinor | |
| Ted Jongseok Won | 2021-12-10 04:17:26 UTC | CC | jnethert | |
| Ted Jongseok Won | 2021-12-10 04:18:07 UTC | CC | avibelli, bgeorges, lthon, mszynkie, peholase, pgallagh, rruss | |
| Ted Jongseok Won | 2021-12-10 04:18:39 UTC | CC | akoufoud, alazarot, almorale, anstephe, etirelli, ibek, jrokos, jstastny, kverlaen, mnovotny, rrajasek, tzimanyi | |
| Yogesh Mittal | 2021-12-10 05:53:47 UTC | CC | ymittal | |
| Huzaifa S. Sidhpurwala | 2021-12-10 06:02:59 UTC | Doc Text | A flaw was found in the Java logging library log4j which could allow a remote attacker to execute code on the server if the system logs an attacker controlled string value. | |
| Huzaifa S. Sidhpurwala | 2021-12-10 06:10:05 UTC | Summary | log4j-core: Remote code execution in Log4j 2 when logs contain an attacker-controlled string value. | CVE-2021-44228 log4j-core: Remote code execution in Log4j 2 when logs contain an attacker-controlled string value. |
| | | Alias | CVE-2021-44228 | |
| Huzaifa S. Sidhpurwala | 2021-12-10 06:16:34 UTC | Summary | CVE-2021-44228 log4j-core: Remote code execution in Log4j 2 when logs contain an attacker-controlled string value. | CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value. |
| Ted Jongseok Won | 2021-12-10 06:21:34 UTC | Doc Text | A flaw was found in the Java logging library log4j which could allow a remote attacker to execute code on the server if the system logs an attacker controlled string value. | A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0.0 and before and including 2.14.1 which could allow a remote attacker to execute code on the server if the system logs an attacker controlled string value with the attacker's JNDI LDAP server lookup. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability. |
| Florencio Cano | 2021-12-10 06:41:21 UTC | CC | bdettelb | |
| Florencio Cano | 2021-12-10 06:41:41 UTC | CC | caswilli, kaycoth | |
| Sam Fowler | 2021-12-10 06:48:38 UTC | CC | ewolinet, jcantril | |
| Florencio Cano | 2021-12-10 06:49:12 UTC | CC | caswilli, kaycoth | |
| Florencio Cano | 2021-12-10 06:49:41 UTC | CC | caswilli, kaycoth | |
| Sam Fowler | 2021-12-10 06:58:15 UTC | CC | dbecker, jjoyce, jschluet, lhh, lpeer, mburns, mkolesni, sclewis, scohen, slinaber | |
| Ted Jongseok Won | 2021-12-10 07:34:53 UTC | CC | clement.escoffier, dandread, gsmet, hamadhan, probinso, sbiarozk, sdouglas | |
| Paramvir jindal | 2021-12-10 07:57:04 UTC | CC | aboyko, boliveir, pdrozd, sthorger | |
| Bin Hu | 2021-12-10 08:11:16 UTC | CC | bihu | |
| Sam Fowler | 2021-12-10 08:34:03 UTC | CC | aos-bugs, bmontgom, eparis, jburrell, jokerman, nstielau, sd-operator-metering, sponnaga, tflannag | |
| Sam Fowler | 2021-12-10 08:41:04 UTC | CC | vkumar | |
| Grzegorz Grzybek | 2021-12-10 08:44:00 UTC | CC | ggrzybek | |
| Sam Fowler | 2021-12-10 08:44:24 UTC | Depends On | 2030985, 2030991, 2030988, 2030986, 2030989, 2030990, 2030987 | |
| Florian Weimer | 2021-12-10 09:02:09 UTC | CC | fweimer | |
| Ted Jongseok Won | 2021-12-10 11:03:16 UTC | CC | jiehuang | |
| | | Severity | high | urgent |
| | | Priority | high | urgent |
| Sofia | 2021-12-10 11:04:55 UTC | CC | skaipi | |
| Przemyslaw Roguski | 2021-12-10 11:07:38 UTC | Depends On | 2031028, 2031029 | |
| Paramvir jindal | 2021-12-10 11:28:02 UTC | Doc Text | A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0.0 and before and including 2.14.1 which could allow a remote attacker to execute code on the server if the system logs an attacker controlled string value with the attacker's JNDI LDAP server lookup. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability. | A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0.0 and before and including 2.14.1 which could allow a remote attacker to execute code on the server if the system logs an attacker controlled string value with the attacker's JNDI LDAP server lookup. |
| Clifford Perry | 2021-12-10 11:33:30 UTC | CC | cperry | |
| Przemyslaw Roguski | 2021-12-10 11:37:36 UTC | Fixed In Version | log4j-2.15.0-rc1 | log4j-2.15.0 |
| Ted Jongseok Won | 2021-12-10 11:42:38 UTC | Doc Text | A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0.0 and before and including 2.14.1 which could allow a remote attacker to execute code on the server if the system logs an attacker controlled string value with the attacker's JNDI LDAP server lookup. | A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0-beta9 and before and including 2.14.1 which could allow a remote attacker to execute code on the server if the system logs an attacker controlled string value with the attacker's JNDI LDAP server lookup. |
| Przemyslaw Roguski | 2021-12-10 11:48:44 UTC | Depends On | 2031029 | |
| Grzegorz Grzybek | 2021-12-10 12:22:32 UTC | Flags | needinfo?(jwon) | |
| Ted Jongseok Won | 2021-12-10 12:40:30 UTC | Flags | needinfo?(jwon) | |
| Ted Jongseok Won | 2021-12-10 12:53:28 UTC | Summary | CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value. | CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value. |
| Tomas Hoger | 2021-12-10 12:55:23 UTC | Summary | CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value. | CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value |
| | | Fixed In Version | log4j-2.15.0 | log4j 2.15.0 |
| M. Scherer | 2021-12-10 14:18:58 UTC | CC | orivat | |
| | | CC | mscherer | |
| Eric Christensen | 2021-12-10 15:01:38 UTC | Doc Text | A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0-beta9 and before and including 2.14.1 which could allow a remote attacker to execute code on the server if the system logs an attacker controlled string value with the attacker's JNDI LDAP server lookup. | A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0-beta9 and before and including 2.14.1. This could allow a remote attacker to execute code on the server if the system logs an attacker-controlled string value with the attacker's JNDI LDAP server lookup. |
| Sandro Bonazzola | 2021-12-10 15:15:35 UTC | Depends On | 2031102 | |
| Anand Paladugu | 2021-12-10 15:55:37 UTC | CC | apaladug | |
| Anand Paladugu | 2021-12-10 16:15:31 UTC | Flags | needinfo?(pjindal) | |
| Nick Tait | 2021-12-10 16:51:19 UTC | Depends On | 2031171 | |
| Paramvir jindal | 2021-12-10 17:29:14 UTC | CC | dtarabor | |
| | | Comment | 28 | updated |
| Paramvir jindal | 2021-12-10 17:33:33 UTC | Flags | needinfo?(pjindal) | |
| Christopher Wawak | 2021-12-10 18:54:30 UTC | CC | cwawak | |
| Kevin Zona | 2021-12-10 19:40:42 UTC | CC | kzona | |
| Eric Christensen | 2021-12-10 20:31:49 UTC | Doc Text | A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0-beta9 and before and including 2.14.1. This could allow a remote attacker to execute code on the server if the system logs an attacker-controlled string value with the attacker's JNDI LDAP server lookup. | A flaw was found in the Java logging library Apache Log4j in versions from 2.0.0 and before as well as version 2.14.1. This allows a remote attacker to execute code on the server if the system logs an attacker-controlled string value with the attacker's JNDI LDAP server lookup. |
| Andy Nelson | 2021-12-10 20:50:03 UTC | CC | annelson | |
| Mike McCune | 2021-12-10 21:54:52 UTC | CC | nivarma | |
| | | CC | mmccune | |
| Mike Murphy | 2021-12-10 22:39:13 UTC | CC | micmurph | |
| Abhinay Purty | 2021-12-11 01:34:49 UTC | CC | apurty | |
| Sachin Kharat | 2021-12-11 02:41:05 UTC | CC | skharat | |
| Joshua Kocinski | 2021-12-11 03:12:14 UTC | CC | rhbugzilla | |
| Chris Couples | 2021-12-11 06:31:03 UTC | CC | chris.couples | |
| Andre Costa | 2021-12-11 09:10:56 UTC | CC | andcosta | |
| Brendan Shirren | 2021-12-11 09:16:18 UTC | CC | bshirren | |
| Rutvik | 2021-12-11 10:22:25 UTC | CC | rkshirsa | |
| Richard Barrott | 2021-12-11 22:37:10 UTC | CC | rbarrott | |
| Ahmed Nazmy | 2021-12-12 05:46:24 UTC | CC | anazmy | |
| Judith Zhu | 2021-12-12 08:33:01 UTC | CC | jizhu | |
| Alexander Phinikarides | 2021-12-13 00:20:30 UTC | CC | alexisph | |
| Yasuhiro Ozone | 2021-12-13 00:21:57 UTC | CC | yozone | |
| Yuki Okada | 2021-12-13 00:24:38 UTC | CC | yuokada | |
| Kazu Yoshida | 2021-12-13 00:33:55 UTC | CC | kyoshida | |
| Selim Jahangir | 2021-12-13 01:50:44 UTC | CC | mjahangi | |
| Al | 2021-12-13 02:41:31 UTC | Flags | needinfo?(security-response-team) | |
| | | CC | amiftah, security-response-team | |
| jalviso | 2021-12-13 03:30:03 UTC | CC | jalviso | |
| Kazuhisa Hara | 2021-12-13 03:43:35 UTC | CC | kahara | |
| Hyuntae Park | 2021-12-13 03:44:25 UTC | CC | hyunpark | |
| Product Security DevOps Team | 2021-12-13 03:46:31 UTC | Flags | needinfo?(security-response-team) | needinfo?(jwon) |
| Masaki Furuta ( RH ) | 2021-12-13 03:55:50 UTC | CC | mfuruta | |
| Yanmin Liu | 2021-12-13 04:04:08 UTC | CC | yanmliu | |
| Aditya Soni | 2021-12-13 04:10:31 UTC | CC | adsoni | |
| Hideshi Fukumoto | 2021-12-13 05:30:59 UTC | CC | hfukumot | |
| Sam Fowler | 2021-12-13 05:49:39 UTC | CC | sfowler | |
| Rahul Rajendran | 2021-12-13 05:56:29 UTC | CC | rpalathi | |
| raju kumar | 2021-12-13 06:03:48 UTC | CC | rajukuma | |
| Brendan Shephard | 2021-12-13 06:29:15 UTC | CC | bshephar | |
| Flos Qi Guo | 2021-12-13 07:19:55 UTC | CC | qguo | |
| Ted Jongseok Won | 2021-12-13 07:43:28 UTC | Flags | needinfo?(jwon) | |
| Silvia Parpatekar | 2021-12-13 09:09:06 UTC | CC | sparpate | |
| Torsten Mielke | 2021-12-13 09:18:14 UTC | Flags | needinfo?(security-response-team) | |
| | | CC | tmielke | |
| Steve Outteridge | 2021-12-13 09:22:55 UTC | CC | soutteri | |
| Joachim Boyer | 2021-12-13 09:30:55 UTC | CC | joboyer | |
| cfrancio | 2021-12-13 09:41:38 UTC | CC | cfrancio | |
| Christian Affolter | 2021-12-13 10:02:41 UTC | CC | christian.affolter | |
| Product Security DevOps Team | 2021-12-13 10:04:25 UTC | Flags | needinfo?(security-response-team) | needinfo?(jwon) |
| Krutika Kinge | 2021-12-13 10:25:43 UTC | CC | kkinge | |
| Ashwini M. Khaire | 2021-12-13 10:29:02 UTC | CC | akhaire | |
| Ted Jongseok Won | 2021-12-13 11:22:56 UTC | Flags | needinfo?(jwon) | |
| Abey Jose | 2021-12-13 11:32:15 UTC | CC | ajose | |
| Ilan Green | 2021-12-13 11:41:23 UTC | CC | igreen | |
| | | Flags | needinfo?(mmccune) | |
| Yadnyawalk Tale | 2021-12-13 12:20:05 UTC | CC | ytale | |
| Yadnyawalk Tale | 2021-12-13 12:25:20 UTC | CC | bbuckingham, bcourt, bkearney, btotty, ehelms, jsherril, lzap, mhulan, myarboro, nmoumoul, orabin, pcreech, rchan, tbrisker | |
| yuk | 2021-12-13 12:37:51 UTC | CC | fadamo | |
| Tomer Brisker | 2021-12-13 12:42:19 UTC | CC | tbrisker | |
| Stanislav Polasek | 2021-12-13 12:44:22 UTC | CC | stanislav.polasek | |
| Hradayesh Shukla | 2021-12-13 13:12:22 UTC | CC | hshukla | |
| Ashish Humbe | 2021-12-13 13:26:37 UTC | CC | ahumbe | |
| José Enrique | 2021-12-13 13:49:04 UTC | CC | josgutie | |
| Ashwini M. Khaire | 2021-12-13 14:06:08 UTC | Flags | needinfo?(security-response-team) | |
| Dave Sullivan | 2021-12-13 14:11:26 UTC | CC | dsulliva | |
| Andre Costa | 2021-12-13 14:13:39 UTC | Flags | needinfo?(mmccune) needinfo?(security-response-team) | |
| Przemyslaw Roguski | 2021-12-13 14:45:32 UTC | Doc Text | A flaw was found in the Java logging library Apache Log4j in versions from 2.0.0 and before as well as version 2.14.1. This allows a remote attacker to execute code on the server if the system logs an attacker-controlled string value with the attacker's JNDI LDAP server lookup. | A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint. |
| Sayan Das | 2021-12-13 15:27:39 UTC | CC | saydas | |
| Jonathan Christison | 2021-12-13 16:06:27 UTC | CC | ataylor | |
| Joshua Kocinski | 2021-12-13 17:31:41 UTC | CC | rhbugzilla | |
| Anand R | 2021-12-13 18:16:17 UTC | CC | anr | |
| Vincent Lours | 2021-12-14 00:28:21 UTC | Depends On | 2032008 | |
| | | CC | vlours | |
| Tony Garcia | 2021-12-14 00:45:22 UTC | CC | antgarci | |
| Mitchell Rollinson | 2021-12-14 01:14:35 UTC | CC | mirollin | |
| errata-xmlrpc | 2021-12-14 05:51:13 UTC | Link ID | Red Hat Product Errata RHSA-2021:5094 | |
| Stoyan Nikolov | 2021-12-14 08:32:57 UTC | Flags | needinfo?(josgutie) | |
| | | CC | snikolov | |
| Mithilesh Kaur Bagga | 2021-12-14 11:01:42 UTC | CC | momran | |
| | | CC | mbagga | |
| Sergio Basto | 2021-12-14 11:14:08 UTC | CC | sergio | |
| errata-xmlrpc | 2021-12-14 15:10:38 UTC | Link ID | Red Hat Product Errata RHSA-2021:5108 | |
| errata-xmlrpc | 2021-12-14 16:01:46 UTC | Link ID | Red Hat Product Errata RHSA-2021:5093 | |
| errata-xmlrpc | 2021-12-14 16:19:43 UTC | Link ID | Red Hat Product Errata RHSA-2021:5126 | |
| errata-xmlrpc | 2021-12-14 17:08:13 UTC | CC | remon.lam | |
| | | Link ID | Red Hat Product Errata RHSA-2021:5129 | |
| errata-xmlrpc | 2021-12-14 17:55:54 UTC | CC | patrick.andrieux | |
| | | Link ID | Red Hat Product Errata RHSA-2021:5130 | |
| errata-xmlrpc | 2021-12-14 18:11:11 UTC | Link ID | Red Hat Product Errata RHSA-2021:5128 | |
| errata-xmlrpc | 2021-12-14 18:40:53 UTC | Link ID | Red Hat Product Errata RHSA-2021:5127 | |
| Ganesh Gore | 2021-12-14 19:16:30 UTC | CC | gagore | |
| Apurva Nisal | 2021-12-14 19:56:57 UTC | Depends On | 2032598 | |
| | | CC | anisal | |
| errata-xmlrpc | 2021-12-14 20:04:21 UTC | Link ID | Red Hat Product Errata RHSA-2021:5132 | |
| errata-xmlrpc | 2021-12-14 21:13:40 UTC | Link ID | Red Hat Product Errata RHSA-2021:5133 | |
| errata-xmlrpc | 2021-12-14 21:36:18 UTC | Link ID | Red Hat Product Errata RHSA-2021:5134 | |
| errata-xmlrpc | 2021-12-14 21:37:42 UTC | Link ID | Red Hat Product Errata RHSA-2021:5137 | |
| errata-xmlrpc | 2021-12-14 21:49:13 UTC | Link ID | Red Hat Product Errata RHSA-2021:5138 | |
| errata-xmlrpc | 2021-12-15 03:00:14 UTC | Link ID | Red Hat Product Errata RHSA-2021:5140 | |
| Mauro Oddi | 2021-12-15 13:21:13 UTC | CC | moddi | |
| Bing | 2021-12-15 19:59:42 UTC | CC | byuan | |
| errata-xmlrpc | 2021-12-15 20:09:48 UTC | Link ID | Red Hat Product Errata RHSA-2021:5148 | |
| errata-xmlrpc | 2021-12-16 06:13:44 UTC | Link ID | Red Hat Product Errata RHSA-2021:5106 | |
| errata-xmlrpc | 2021-12-16 07:50:19 UTC | Link ID | Red Hat Product Errata RHSA-2021:5141 | |
| errata-xmlrpc | 2021-12-16 15:00:36 UTC | Link ID | Red Hat Product Errata RHSA-2021:5107 | |
| Product Security DevOps Team | 2021-12-16 16:56:12 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2021-12-16 16:56:12 UTC | |
| Nick Tait | 2021-12-17 18:57:21 UTC | CC | lmadsen, mgarciac, mrunge, nobody | |
| Mithilesh Kaur Bagga | 2021-12-21 16:52:31 UTC | Flags | needinfo?(security-response-team) | |
| cldavey | 2021-12-21 17:13:10 UTC | CC | cldavey | |
| Product Security DevOps Team | 2021-12-21 17:19:37 UTC | Flags | needinfo?(security-response-team) | needinfo?(jwon) |
| Ted Jongseok Won | 2021-12-22 04:33:08 UTC | Flags | needinfo?(jwon) | |
| Radomir Ludva | 2021-12-28 08:36:55 UTC | CC | yaoli | |
| | | Flags | needinfo?(security-response-team) | |
| | | CC | rludva | |
| Product Security DevOps Team | 2021-12-28 09:10:24 UTC | Flags | needinfo?(security-response-team) | needinfo?(jwon) |
| Marco Benatto | 2021-12-28 18:37:21 UTC | CC | scorneli | |
| Marco Benatto | 2021-12-28 18:43:27 UTC | Comment | 113 | updated |
| Marco Benatto | 2021-12-28 18:47:11 UTC | Flags | needinfo?(rludva) | |
| | | CC | mbenatto | |
| Ted Jongseok Won | 2021-12-29 05:19:09 UTC | Flags | needinfo?(jwon) | needinfo?(hvyas) |
| | | CC | hvyas | |
| Hardik Vyas | 2021-12-30 06:04:28 UTC | Flags | needinfo?(hvyas) | |
| errata-xmlrpc | 2022-01-11 17:57:04 UTC | Link ID | Red Hat Product Errata RHSA-2022:0082 | |
| Chess Hazlett | 2022-01-17 18:11:11 UTC | CC | amackenz, amasferr, mkudlej, tjochec | |
| errata-xmlrpc | 2022-01-20 09:27:05 UTC | Link ID | Red Hat Product Errata RHSA-2022:0203 | |
| Pedro Sampaio | 2022-01-25 14:53:15 UTC | Flags | needinfo?(pjindal) | |
| errata-xmlrpc | 2022-01-26 15:54:39 UTC | Link ID | Red Hat Product Errata RHSA-2022:0296 | |
| Paramvir jindal | 2022-01-27 09:41:29 UTC | Flags | needinfo?(pjindal) | |
| Greg Scott | 2022-02-02 23:47:49 UTC | CC | gscott | |
| José Enrique | 2022-02-22 16:20:26 UTC | Flags | needinfo?(josgutie) | |
| Martin Perina | 2022-06-08 08:22:50 UTC | Depends On | 2060792 | |
| Radomir Ludva | 2022-07-19 10:00:43 UTC | Flags | needinfo?(rludva) | |