Is Jenkins vulnerable to the log4j CVE-2021-44228

dch · December 10, 2021, 9:56pm

Does anyone know if Jenkins is vulnerable to the new major log4j CVE:

CVE-2021-44228

NVD - CVE-2021-44228

If so, are there any workarounds or what can we do to mitigate any risk from this CVE?

I hope that this is the right place to ask this, if not, please let me know and I can go there.

halkeye · December 10, 2021, 11:28pm

short answer: no

Annoucment from security team

Mailing list its worth being on: https://groups.google.com/g/jenkinsci-advisories/c/TIoxWbIao4M

halkeye · December 10, 2021, 11:28pm

Also Apache Log4j 2 vulnerability CVE-2021-44228

Topic		Replies	Views
Apache Log4j 2 vulnerability CVE-2021-44228 Blog & News	13	13114	January 22, 2022
CVE-2024-23897 is vulnerable for jenkins 2.263.1 Using Jenkins question , jenkinsfile	3	490	February 1, 2024
Apache Commons Text vulnerability CVE-2022-42889 Ask a question	3	2294	October 21, 2022
CVE-2024-23898, CVE-2023-27899 and CVE-2023-43496 vulnerabilities on jenkins/jenkins:2.448-alpine-jdk17 Community question	7	531	March 13, 2024
How to resolve log4j vulnerabilities Ask a question	2	2214	January 21, 2022

Is Jenkins vulnerable to the log4j CVE-2021-44228

Related topics