Template Injection in Email Templates leads to RCE on Jira Service Management Server

Affected versions of Atlassian Jira Service Management Server and Data Center allows JIRA Administrators to execute arbitrary system commands via a template injection in the endpoint /admin/EmailTemplatesSettings!default.jspa.

The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, from version 8.21.0 before 8.22.1, and from version 8.23.0 before 9.0.0.

Affected versions:

• version < 8.13.19
• 8.14.0 ≤ version < 8.20.7
• 8.21.0 ≤ version < 8.22.1
• 8.23.0 ≤ version < 9.0.0

Fixed versions:

• 8.13.19
• 8.20.7
• 8.22.1
• 9.0.0