confluence.atlassian.com
2600:9000:2156:9000:15:77aa:5e80:93a1
Public Scan
URL:
https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html
Submission: On December 13 via api from AU — Scanned from DE
FAQ for CVE-2021-44228

GENERAL INFORMATION

This page contains frequently asked questions and answers related to the recently published remote code execution (RCE) vulnerability affecting Log4j: https://www.lunasec.io/docs/blog/log4j-zero-day/

Are Cloud instances affected?

Our Security team is currently investigating the impact of the Log4j remote code execution vulnerability (CVE-2021-44228) and determining any possible impacts.

Is my on-premises Server/Data Center instance affected?

Our Security team is currently investigating the impact of the Log4j remote code execution vulnerability (CVE-2021-44228) and determining any possible impact on our on-premises products. So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible in the following products (Bitbucket Server & Data Center are not affected):

* Jira Server & Data Center
* Confluence Server & Data Center
* Bamboo Server & Data Center
* Crowd Server & Data Center
* Fisheye
* Crucible

You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing org.apache.log4j.net.JMSAppender, you may be vulnerable. If you do not find a line containing org.apache.log4j.net.JMSAppender, you do not have this specific vulnerable configuration.

How can I mitigate this exploit?

If you're using the functionality provided by JMS Appender, we recommend you mitigate the vulnerability as soon as possible by temporarily disabling any configured appenders that use org.apache.log4j.net.JMSAppender: comment out the relevant lines in your Log4j configuration file and restart the application. In a Data Center environment, a rolling restart of the nodes is sufficient after updating the affected configuration files.

The default location of the Log4j configuration file for each product is listed in the table below:

Product | Default Path
Jira Server & Data Center | <install-directory>/atlassian-jira/WEB-INF/classes/log4j.properties
Confluence Server & Data Center | <install-directory>/confluence/WEB-INF/classes/log4j.properties
Bamboo Server & Data Center | <install-directory>/atlassian-bamboo/WEB-INF/classes/log4j.properties
Fisheye / Crucible | <install-directory>/log4j.xml
Crowd | <install-directory>/crowd-webapp/WEB-INF/classes/log4j.properties
Crowd | <install-directory>/crowd-openidclient-webapp/WEB-INF/classes/log4j.properties
Crowd | <install-directory>/crowd-openidserver-webapp/WEB-INF/classes/log4j.properties

How can I tell if my system has been compromised?

Unfortunately, Atlassian cannot confirm if your instance has been compromised. All security compromises are different, and we strongly recommend involving your local security team or a specialist security forensics firm for further investigation.

Last modified on Dec 11, 2021