FWIW, Jenkins does not use Log4j. Some plugins may, and there's a quick way to determine if it does. Go to the script console, enter in "org.apache.logging.log4j.core.lookup.JndiLookup.class.protectionDomain.codeSource" (without the quotes) and if it returns "groovy.lang.MissingPropertyException: No such property: org for class: Script1" then you are not affected.
See https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-4...