On a 0-day exploit in the popular Java logging library log4j (version 2) was discovered. This results in Remote Code Execution (RCE) by logging a certain string. The exploit has been published under CVE-2021-44228. A related vulnerability CVE-2021-45046 was discovered on .

Summary

  • Atlassian Cloud is not affected.

  • Atlassian Server and Data Center are potentially endangered if a non-default configuration is in place.

  • Watch out for Elasticsearch as this is bundled with Bitbucket.

Support Customers

If you are a Support Customer, please read this summary for support customers.

You are a support customer if your company has an active support contract with the K15t support team.

License Customers

If you are a License Customer, please read this summary for license customers.

You are a license customer if your company has licensed Atlassian software or Atlassian Marketplace apps through our license team.


The K15t team,
December 14, 2021