First published: Thu Jan 06 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
Credit: security@atlassian.com
Affected Software | Affected Version | How to fix |
---|---|---|
Atlassian Data Center | <8.13.15 | |
Atlassian JIRA | <8.13.15 | |
Atlassian Jira Data Center | >=8.14.0, <8.20.3 | |
Atlassian Jira Server | >=8.14.0, <8.20.3 | |
CVE-2021-43947 is a Remote Code Execution (RCE) vulnerability in the Email Templates feature of Atlassian Jira Server and Data Center.
CVE-2021-43947 has a severity rating of 7.2, which is considered critical.
Versions of Atlassian Jira Server and Data Center before 8.13.15, and from 8.14.0 up to and excluding 8.20.3, are affected.
Remote attackers with administrator privileges can exploit CVE-2021-43947 to execute arbitrary code.
Yes, Atlassian has provided a fix for CVE-2021-43947. It is recommended to upgrade to a version that is not affected.