Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Log4shell vulnerability?

Hi,

Has Bitbucket (or any of the other Atlassian products required to use it) been affected by the recent "log4shell" vulnerability in Log4J?

Thanks for your help!

4 answers

2 accepted

3 votes
Answer accepted

Hi all,

Daniel with Atlassian Support here to let you know our security team has finished its investigation. We have an official response statement here on Community, which you can access at this link.

More information can be found on our advisory page, as well as the previously-published FAQ:

Thanks,
Daniel Eads | Atlassian Support

2 votes
Answer accepted

Hi, you can find FAQs and Atlassian recommendations and updates related to Log4J here 👉 https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

"You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender, you may be vulnerable. If you do not find a line containing the org.apache.log4j.net.JMSAppender, you do not have this specific vulnerable configuration."

Like Dave Liao likes this

☝️above is information for data-centre and server

In terms of Cloud there is a mention in FAQ that Atlassian security team is investigating the impact on Cloud but nothing specific is mentioned there yet.

Like Dave Liao likes this

ElasticSearch in our BitBucket has the affected JAR files

Screenshot 2021-12-13 111432.png

 

But Atlassian are saying Bitbucket is not affected?

Whats the deal please?

Hi, My Confluence instance used for an Opensource project has been hacked since the 22th November.

  • A cryptojacker installed a /tmp/.solr/solrd process to mine cryptomoney.
  • A new attack has been detected the 5th december. A ransomware crypted the data of my confluence database.

    Take care of your instances publicly available from Internet ! 

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

📣 Calling Bitbucket Data Center customers to participate in research

Hi everyone, Are you Bitbucket DC customer? If so, we'd love to talk to you! Our team wants to dive deep to understand your long-term plans regarding Bitbucket DC and Atlassian Cloud. Do you plan...

184 views 2 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you