Affected versions of Atlassian Jira Service Management Server and Data Center allows JIRA Administrators to execute arbitrary system commands via a template injection in the endpoint /admin/EmailTemplatesSettings!default.jspa.

The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, from version 8.21.0 before 8.22.1, and from version 8.23.0 before 9.0.0.

Affected versions:

• version < 8.13.19
• 8.14.0 ≤ version < 8.20.7
• 8.21.0 ≤ version < 8.22.1
• 8.23.0 ≤ version < 9.0.0

Fixed versions:

• 8.13.19
• 8.20.7
• 8.22.1
• 9.0.0