Log4shell vulnerability?

Duncan Pierce December 13, 2021

Hi,

Has Bitbucket (or any of the other Atlassian products required to use it) been affected by the recent "log4shell" vulnerability in Log4J?

Thanks for your help!

4 answers

2 accepted

3 votes
Answer accepted
Daniel Eads
Atlassian Team
December 13, 2021

Hi all,

Daniel with Atlassian Support here to let you know our security team has finished its investigation. We have an official response statement here on Community, which you can access at this link.

More information can be found on our advisory page, as well as the previously-published FAQ:

Thanks,
Daniel Eads | Atlassian Support

2 votes
Answer accepted
Nikki Zavadska _Appfire_
Community Leader
December 13, 2021

Hi, you can find FAQs and Atlassian recommendations and updates related to Log4J here 👉 https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

Nikki Zavadska _Appfire_
Community Leader
December 13, 2021

"You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender, you may be vulnerable. If you do not find a line containing the org.apache.log4j.net.JMSAppender, you do not have this specific vulnerable configuration."

Nikki Zavadska _Appfire_
Community Leader
December 13, 2021

☝️ Above is information for Data Center and Server.

In terms of Cloud, there is a mention in the FAQ that the Atlassian security team is investigating the impact on Cloud, but nothing specific is mentioned there yet.

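The configuration check quoted from the FAQ in the answer above, as an added example (not part of the original posts and not Atlassian's own tooling): it reports references to org.apache.log4j.net.JMSAppender that are not commented out, which goes slightly beyond a plain text search. The file-name filter (names containing "log4j" with a .properties or .xml extension) and the sample files are assumptions constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

JMS_APPENDER = "org.apache.log4j.net.JMSAppender"  # class name quoted from the FAQ
XML_COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)

def active_lines(path):
    """Yield (line_number, text) for lines that are not commented out."""
    text = path.read_text(encoding="utf-8", errors="replace")
    if path.suffix == ".xml":
        # Blank out XML comments but keep newlines so line numbers stay correct.
        text = XML_COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), text)
    for number, line in enumerate(text.splitlines(), start=1):
        if path.suffix == ".properties" and line.lstrip().startswith(("#", "!")):
            continue  # properties-file comment line
        yield number, line

def find_jms_appender(root):
    """Return [(path, line_number, line)] for active JMSAppender references."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        # Assumption: Log4j configuration files have "log4j" in their name.
        if (path.is_file() and path.suffix in (".properties", ".xml")
                and "log4j" in path.name.lower()):
            hits += [(path, n, line.strip())
                     for n, line in active_lines(path) if JMS_APPENDER in line]
    return hits

def demo():
    """Scan a constructed config tree: one commented-out and one active reference."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "log4j.properties").write_text(
            "log4j.rootLogger=INFO, file\n"
            "#log4j.appender.jms=org.apache.log4j.net.JMSAppender\n"
            "log4j.appender.file=org.apache.log4j.FileAppender\n")
        (root / "app").mkdir()
        (root / "app" / "log4j.xml").write_text(
            "<log4j:configuration>\n"
            "<!-- <appender name=\"old\"\n"
            " class=\"org.apache.log4j.net.JMSAppender\"/> -->\n"
            "<appender name=\"jms\" class=\"org.apache.log4j.net.JMSAppender\"/>\n"
            "</log4j:configuration>\n")
        return [(p.relative_to(root).as_posix(), n)
                for p, n, _ in find_jms_appender(root)]

if __name__ == "__main__":
    for rel, n in demo():
        print(f"{rel}:{n}: active JMSAppender reference")
```

As the quoted FAQ text says, an empty result only rules out this specific vulnerable configuration.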
1 vote
Alex Young December 13, 2021

Elasticsearch in our Bitbucket has the affected JAR files.

But Atlassian are saying Bitbucket is not affected?

What's the deal, please?

0 votes
ltoinel December 13, 2021

Hi, my Confluence instance, used for an open-source project, has been hacked since the 22nd of November.

  • A cryptojacker installed a /tmp/.solr/solrd process to mine cryptocurrency.
  • A new attack was detected on the 5th of December. Ransomware encrypted the data of my Confluence database.

    Take care of your instances that are publicly available from the Internet!
