Some on-premises Atlassian products are also affected by the Log4j vulnerability. All Atlassian cloud products have been patched to mitigate it, and as of now the Atlassian security team has confirmed that no data has been exposed from Atlassian Cloud. Atlassian products such as Bamboo Server and Data Center, Confluence Server, Crowd Server, Fisheye, Crucible and Jira Server are affected because they use a fork of Log4j 1.2.17. Although the chance of exploiting this vulnerability in Log4j 1.2.17 is very remote, it can be exploited by a trusted third party, so detailed mitigation steps have been released.

Atlassian Product | Version | Status | Mitigation |
---|---|---|---|
Bamboo Server & Data Center | On prem | Vulnerable | Mitigation |
BitBucket Server | On prem | Vulnerable | Mitigation |
Confluence Server & Data Center | On prem | Vulnerable | Mitigation |
Crowd Server & Data Center | On prem | Vulnerable | Mitigation |
Crucible | On prem | Vulnerable | Mitigation |
Fisheye | On prem | Vulnerable | Mitigation |
Jira Server & Data Center | On prem | Vulnerable | Mitigation |

Detailed mitigation steps for Atlassian products are provided at the above link. They are needed only when the JMS Appender has been configured with a JNDI lookup to a third party; otherwise those mitigation steps are not needed.
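
One way to check whether that condition applies to an instance is to audit its `log4j.properties` for an active `JMSAppender` and list the JNDI-related options set on it. This is an added example, not code from the original page or from Atlassian. The function names and the sample configuration are constructed for illustration, and it assumes the properties-file format (not `log4j.xml`) without backslash line continuations.

```python
import re

JMS_APPENDER = "org.apache.log4j.net.JMSAppender"
# Log4j 1.2 JMSAppender options that drive its JNDI lookup (compared lowercase)
JNDI_OPTIONS = {"topicbindingname", "topicconnectionfactorybindingname",
                "providerurl", "initialcontextfactoryname"}

# Constructed sample configuration, not taken from any Atlassian product
SAMPLE = """\
log4j.rootLogger=WARN, console, audit
log4j.appender.console=org.apache.log4j.ConsoleAppender
#log4j.appender.old=org.apache.log4j.net.JMSAppender
log4j.appender.audit = org.apache.log4j.net.JMSAppender
log4j.appender.audit.TopicBindingName=jms/auditTopic
log4j.appender.audit.ProviderURL=tcp://broker.example.invalid:61616
log4j.appender.audit.layout=org.apache.log4j.PatternLayout
"""

def parse_properties(text):
    """Return key -> value for active lines; '#' and '!' comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def find_jms_appenders(text):
    """Map each active JMSAppender name to the JNDI-related options set on it."""
    props, prefix = parse_properties(text), "log4j.appender."
    findings = {}
    for key, value in props.items():
        name = key[len(prefix):]
        # "log4j.appender.<name>=<class>" defines an appender; deeper keys are options
        if key.startswith(prefix) and "." not in name and value == JMS_APPENDER:
            findings[name] = {}
    for key, value in props.items():
        if not key.startswith(prefix):
            continue
        name, _, option = key[len(prefix):].partition(".")
        if name in findings and option.lower() in JNDI_OPTIONS:
            findings[name][option] = value
    return findings

if __name__ == "__main__":
    for name, opts in find_jms_appenders(SAMPLE).items():
        print(f"JMSAppender '{name}' is active; JNDI options: {opts or 'none set'}")
```

An empty result means no active JMS Appender is defined in the file. A non-empty result lists the lookup targets to review against the condition above.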