CVE-2021-43947: Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code…

high7.2CVSS 3.1

AVNACLPRHUINSUCHIHAH

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.

Affected

10 ranges

Vendor	Product	Version range	Fixed in
atlassian	data_center	< 8.13.15	8.13.15
atlassian	jira	< 8.13.15	8.13.15
atlassian	jira_data_center	>= 8.14.0 < unspecified	unspecified
atlassian	jira_data_center	>= 8.14.0 < 8.20.3	8.20.3
atlassian	jira_data_center	>= unspecified < 8.13.15	8.13.15
atlassian	jira_data_center	>= unspecified < 8.20.3	8.20.3
atlassian	jira_server	>= 8.14.0 < unspecified	unspecified
atlassian	jira_server	>= 8.14.0 < 8.20.3	8.20.3
atlassian	jira_server	>= unspecified < 8.13.15	8.13.15
atlassian	jira_server	>= unspecified < 8.20.3	8.20.3