Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Log4J Vulnerability located in Atlassian/Crowd

Mariner IT February 8, 2022

I am getting prompts that my version of Atalassian Crowd has vulnerable Log4J files in it - how can we remedy?

1 answer

1 vote
Sloan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 8, 2022

Hi there

You should check out Atlassian's response to Log4Shell: Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228

Crowd should not be affected to my knowledge. Out of curiosity, where do you get the prompt from?

Cheers
Niklas

Mariner IT February 8, 2022

Azure/Windows Defender security.

Mariner IT February 8, 2022

That link does not seem to work for me.

Sloan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 8, 2022

What does the link say? What do you mean by Azure/Windows Defender security?

Ernest Dudley
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 28, 2022

I'm getting flagged through Nessus. I downloaded the latest crowd version (5.0.0) and Nessus is flagging the Log4j package (1.2.17) as being an unsupported version of Log4j. Just an FYI, see: https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events