Hi Kritesh, Thank you for this info.
The problem with that example is that Apache java.util.logging is built on top of Log4j but does not identify as such. I am not convinced that this test is sufficient. Sincerely, Randall On Sunday, December 12, 2021 at 11:34:15 a.m. UTC-5 [email protected] wrote: > I am following for the same issue… found below info on community page > regarding this vulnerability. > > https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ > > > Thanks & Regards, > Kritesh > > On Sun, Dec 12, 2021 at 9:27 AM [email protected] <[email protected]> > wrote: > >> Hi All, >> >> I am looking for any information relating to whether the Zero Days CVE >> has any impact on Jenkins or Plugins. We do know that the java.util.logging >> is built on log4j, but do not know whether protections are in place to >> prevent this vulnerability from being exploited, and where. For example, >> could a command in a pipeline trigger this vulnerability. >> >> This is a somewhat urgent request. >> >> Thanks, >> Randall >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-users/4e157a13-bfba-425a-81ae-b93cdd845f9dn%40googlegroups.com >> >> <https://groups.google.com/d/msgid/jenkinsci-users/4e157a13-bfba-425a-81ae-b93cdd845f9dn%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/16648c2a-5c52-484d-9d33-ac1bf77243d9n%40googlegroups.com.
