PT-2022-11947 · Atlassian · Jira

Tuo4N8

Published: 2022-01-06 · Updated: 2024-10-08 · CVE-2021-43947

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Atlassian Jira Server and Data Center versions prior to 8.13.15, and versions 8.14.0 through 8.20.3.

Description

A Remote Code Execution (RCE) vulnerability in the Email Templates feature allows remote attackers with administrator privileges to execute arbitrary code. This issue bypasses the fix for https://jira.atlassian.com/browse/JSDSERVER-8665.

Recommendations

For versions prior to 8.13.15, and versions 8.14.0 through 8.20.3, update to a version that contains the fix for this issue. As a temporary workaround, consider disabling the Email Templates feature until a patch is available. Restrict access to the Email Templates feature to minimize the risk of exploitation.

Fix

Related Identifiers

CVE-2021-43947

Affected Products

Jira