PT-2021-22379 · Atlassian · Jira Service Management Server

Published: 2021-09-01 · Updated: 2024-10-11 · CVE-2021-39115

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
- Atlassian Jira Service Management Server and Data Center, versions prior to 4.13.9
- Atlassian Jira Service Management Server and Data Center, versions 4.14.0 through 4.18.0

Description: The issue allows remote attackers with Jira Administrators access to execute arbitrary Java code or run arbitrary system commands via a Server Side Template Injection vulnerability in the Email Template feature.

Recommendations: For versions prior to 4.13.9, update to version 4.13.9 or later. For versions 4.14.0 through 4.18.0, update to a version after 4.18.0. As a temporary workaround, restrict access to the Email Template feature to reduce the risk of exploitation until the update is applied.
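To turn the two affected ranges above into a repeatable check across an inventory of instances, here is an added example (not code from the advisory publisher or from Atlassian). It assumes plain dotted numeric versions such as "4.18.0" and a constructed inventory of instance names mapped to versions.

```python
"""Check Jira Service Management Server/Data Center versions against the
affected ranges published for CVE-2021-39115 (added example, not vendor code)."""
from typing import Dict, Tuple

Version = Tuple[int, ...]

# Boundaries taken from the advisory: fixed in 4.13.9 on the 4.13 line,
# and 4.14.0 through 4.18.0 inclusive are affected on the later lines.
FIXED_413 = (4, 13, 9)
RANGE2_LOW = (4, 14, 0)
RANGE2_HIGH = (4, 18, 0)


def parse_version(text: str) -> Version:
    """Turn '4.13.9' into (4, 13, 9); a build suffix after '-' is ignored.
    Missing components are padded with zeros so '4.13' compares as 4.13.0."""
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    v = tuple(int(p) for p in parts)
    return v + (0,) * (3 - len(v)) if len(v) < 3 else v


def is_affected(version: str) -> bool:
    """True when the version falls in either affected range from the advisory."""
    v = parse_version(version)
    if v < FIXED_413:            # everything before 4.13.9
        return True
    return RANGE2_LOW <= v <= RANGE2_HIGH   # 4.14.0 .. 4.18.0 inclusive


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each instance name to the action the advisory recommends for it."""
    result = {}
    for name, ver in inventory.items():
        v = parse_version(ver)
        if v < FIXED_413:
            result[name] = "affected: update to 4.13.9 or later"
        elif RANGE2_LOW <= v <= RANGE2_HIGH:
            result[name] = "affected: update to a version after 4.18.0"
        else:
            result[name] = "not affected"
    return result


if __name__ == "__main__":
    # Constructed sample inventory for demonstration only.
    sample = {"jsm-prod": "4.13.5", "jsm-stage": "4.16.2",
              "jsm-dev": "4.18.1", "jsm-lts": "4.13.12"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```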

Weakness Enumeration: Code Injection

Related Identifiers: CVE-2021-39115

Affected Products: Jira Service Management Server