- Task
- Resolution: Not A Defect
- Critical
- PROD
Hi Team,
We are currently using Jenkins version 2.19.1.
We would like to get your opinion on whether this version is actually infected by the ongoing Log4j issue?
If yes, please let us know which version of the log4j jars (affected) is used in this Jenkins version and what the fix for this is.
In this case, if the fix is upgrading to the latest version jars, please advise us of the stable/safe version for the replacement.
Please see the blog post Apache Log4j 2 vulnerability CVE-2021-44228 for how to check whether your Jenkins instance has log4j installed, and for links to related information.
However, Jenkins 2.19.1 is quite an old version and is vulnerable to other attacks. See Jenkins Security Advisory 2016-11-16, for example.