New Log4Shell (CVE-2021-44228) probe for Jenkins Health Advisor plugin by CloudBees

[Arnaud Héritier]

Hi community,

If you are using the Jenkins Health Advisor plugin by CloudBees ( https://plugins.jenkins.io/cloudbees-jenkins-advisor/ ) we just added a probe to detect when the Controller JVM has a log4j artifact impacted by #Log4Shell (CVE-2021-44228) in its open file descriptors.

If you see it reporting a problem not listed under https://issues.jenkins.io/issues/?jql=labels%20%3D%20CVE-2021-44228 please report it.

Thanks

--

Arnaud Héritier

Twitter/GitHub/... : aheritier

[Mark Waite]

On Tuesday, December 14, 2021 at 9:23:51 AM UTC-7 Arnaud Héritier wrote:

Hi community,

If you are using the Jenkins Health Advisor plugin by CloudBees ( https://plugins.jenkins.io/cloudbees-jenkins-advisor/ ) we just added a probe to detect when the Controller JVM has a log4j artifact impacted by #Log4Shell (CVE-2021-44228) in its open file descriptors.

If you see it reporting a problem not listed under https://issues.jenkins.io/issues/?jql=labels%20%3D%20CVE-2021-44228 please report it.

I'm a very happy user of the Jenkins Health Advisor.  Highly recommended as a way to get email advice from Jenkins experts.  See https://www.youtube.com/watch?v=p_suN31OIAg for a video introduction to Health Advisor.