You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
We had to extract the atlassian-bamboo-agent-installer-8.0.4.jar and to analyse for CVE-2021-44228 for our client.
What we found was that log4j 2.9.0 is in the atlassian-bamboo-agent-installer-8.0.4.jar/classpath.zip, but apparently its not an issue per Nexus-IQ.
Any idea if atlassian will be updating the atlassian-bamboo-agent-installer-8.0.4.jar ?
Below are the extracted findings of the bamboo agent installer jar
Hi @Vincent ,
Please see the advisory we released today - Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228 - for the specific information in regards to Bamboo.