Atlassian is sending an email to affected customers of its Jira Data Center products in an attempt to get as many as possible to upgrade to the latest versions of the software and away from vulnerable versions. Some of Jira’s Data Center products are vulnerable to CVE-2020-36239, a flaw in Jira’s implementation of Ehcache that could allow remote unauthenticated code execution. The security advisory lists the following products as vulnerable:
- Jira Data Center
- Jira Software Data Center
- Jira Core Data Center
- Jira Service Management Data Center
Non-Data Center instances of Jira Server, Jira Service Management, Jira Cloud and Jira Service Management Cloud customers are not affected. To learn which specific versions are vulnerable and which versions of each product to update to, please see Jira’s security advisory.