CVE-2021-43944

Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions prior to 8.13.15 Atlassian Jira Server and Data Center versions 8.14.0 through 8.20.2

Description The issue is related to a security improvement in the way that Jira Server and Data Center use templates. Affected versions allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature.

Recommendations For versions prior to 8.13.15, update to version 8.13.15 or later. For versions 8.14.0 through 8.20.2, update to version 8.20.3 or later. As a temporary workaround, consider restricting access to the Email Templates feature until a patch is available.