I am following for the same issue… found below info on community page regarding this vulnerability.
https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ Thanks & Regards, Kritesh On Sun, Dec 12, 2021 at 9:27 AM [email protected] <[email protected]> wrote: > Hi All, > > I am looking for any information relating to whether the Zero Days CVE has > any impact on Jenkins or Plugins. We do know that the java.util.logging is > built on log4j, but do not know whether protections are in place to prevent > this vulnerability from being exploited, and where. For example, could a > command in a pipeline trigger this vulnerability. > > This is a somewhat urgent request. > > Thanks, > Randall > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/4e157a13-bfba-425a-81ae-b93cdd845f9dn%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-users/4e157a13-bfba-425a-81ae-b93cdd845f9dn%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAPhsgOZJ4vfK0YbgeyFj0KjazVLaQk%3DkT5UKxGYM_%3DEZJWqg_Q%40mail.gmail.com.
