This applies to all Atlassian products that may use the commons collections:
There is a longstanding, unpatched unserialize vulnerability in the commons-collections Java library that allows remote code execution. More details here: http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#thevulnerability
Only JIRA instances with a Data Center license are vulnerable through ehcache RMI, which is used for clustering, and by default listens on port 40001. Ensure that you only permit cluster nodes to connect to a JIRA Data Center instance's ehcache RMI port through the use of a firewall and/or network segregation.