Sonarqube:9.2.4-community which has log4j 2.17.0 and it’s shows it’s vulnerable to CVE-2021-44832 in below link https://nvd.nist.gov/vuln/detail/CVE-2021-44832 Can you please check if it’s vulnerable and how can we mitigate it. Thanks

Using Sonarqube 9.2.4, which has log4j 2.17.0 and it's vulnerable to CVE-2021-44832 in below link

kshitizsh12 (kshitiz) January 11, 2022, 4:38pm 3

Hi, Thanks for the reply.

But it doesn’t provide any new information where it says it’s not vulnerable to the threat.
Can we have more info on the same or when the patch or updated versions would be coming.

Topic		Replies	Views
SonarQube and CVE-2021-44228 SonarQube Server / Community Build sonarqube , security	3	4645	December 10, 2021
Is sonarqube 7.9.5 vulnerable to (CVE-2021-44228) log4j vulnerabilities SonarQube Server / Community Build sonarqube	20	4495	December 29, 2021
SonarQube, SonarCloud, and the Log4J vulnerability Sonar Updates	163	86401	October 11, 2022
CVE-2021-42550 Vulnerable logback version 1.2.7 in SonarQube 8.9.6 SonarQube Server / Community Build sonarqube , security	6	1249	March 9, 2022
Hi, We have now the latest version of Sonaeqube 8.9.5 LTS but the log4j version is on 2.16. Is there any plan to upgrade log4j to 2.17. Is log4j version 2.16 are vulnerable? SonarQube Server / Community Build 8-9-lts-upgrade	2	1324	December 22, 2021

Using Sonarqube 9.2.4, which has log4j 2.17.0 and it's vulnerable to CVE-2021-44832 in below link

Related topics