
Atlassian Products affected by Log4j Vulnerability

Some of the on-premises Atlassian products have also been affected by the Log4j vulnerability. All Atlassian Cloud products have been patched to mitigate it, and the Atlassian security team has confirmed that, as of now, no data has been exposed from Atlassian Cloud. Atlassian products such as Bamboo Server and Data Center, Confluence Server, Crowd Server, Fisheye, Crucible and Jira Server are affected because they use a fork of Log4j version 1.2.17. Although the chance of exploiting this vulnerability in Log4j 1.2.17 is very remote, it can be exploited by a trusted third party, so detailed mitigation steps have been released for it.

| Atlassian Product | Version | Status | Action |
| --- | --- | --- | --- |
| Bamboo Server & Data Center | On prem | Vulnerable | Mitigation |
| BitBucket Server | On prem | Vulnerable | Mitigation |
| Confluence Server & Data Center | On prem | Vulnerable | Mitigation |
| Crowd Server & Data Center | On prem | Vulnerable | Mitigation |
| Crucible | On prem | Vulnerable | Mitigation |
| Fisheye | On prem | Vulnerable | Mitigation |
| Jira Server & Data Center | On prem | Vulnerable | Mitigation |

Source: https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

Detailed steps for mitigating this vulnerability in Atlassian products are available at the link above. They are needed only when the JMS Appender has been configured with a JNDI lookup to a third party; otherwise the mitigation steps are not needed.
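
One way to check whether that condition applies to an instance is to parse its Log4j 1.x properties file and list any active JMS Appender together with its JNDI-related settings. This is an added example, not code from Atlassian or from the original post; the class and property names are those of the Log4j 1.x JMSAppender, and the sample configuration, appender names and host are constructed.

```python
import re

# Log4j 1.x JMS appender class and its JNDI-related settings (lowercased).
JMS_CLASS = "org.apache.log4j.net.JMSAppender"
JNDI_KEYS = {"topicbindingname", "topicconnectionfactorybindingname",
             "providerurl", "initialcontextfactoryname", "urlpkgprefixes"}
LOGGER_PREFIXES = ("log4j.rootLogger", "log4j.rootCategory",
                   "log4j.logger.", "log4j.category.")

def parse_properties(text):
    """Parse .properties text; blank and commented-out (# or !) lines are ignored."""
    props = {}
    for raw in text.splitlines():
        m = re.match(r"([^#!=:\s][^=:\s]*)\s*[=:]?\s*(.*)", raw.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def find_jms_appenders(text):
    """Return {appender name: {"attached": bool, "jndi": {property: value}}}."""
    props = parse_properties(text)
    logger_values = [v for k, v in props.items() if k.startswith(LOGGER_PREFIXES)]
    findings = {}
    for key, value in props.items():
        m = re.fullmatch(r"log4j\.appender\.([^.]+)", key)
        if not m or value != JMS_CLASS:
            continue
        name, prefix = m.group(1), key + "."
        jndi = {k[len(prefix):]: v for k, v in props.items()
                if k.startswith(prefix) and k[len(prefix):].lower() in JNDI_KEYS}
        # A logger value is "LEVEL, appender1, appender2": skip the level token.
        attached = any(name in [p.strip() for p in v.split(",")[1:]]
                       for v in logger_values)
        findings[name] = {"attached": attached, "jndi": jndi}
    return findings

# Constructed sample configuration (not taken from any Atlassian product).
SAMPLE = """\
log4j.rootLogger=WARN, console, audit
#log4j.appender.old=org.apache.log4j.net.JMSAppender
log4j.appender.audit=org.apache.log4j.net.JMSAppender
log4j.appender.audit.TopicBindingName=logTopic
log4j.appender.audit.ProviderURL=tcp://mq.example.internal:61616
log4j.appender.audit.Threshold=ERROR
"""

print(find_jms_appenders(SAMPLE))
```

A plain text search for the class name would also match the commented-out `old` appender; parsing the file reports only appenders that are actually active.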