Atlassian Jira Template Injection Vulnerability Remote OS Command Injection Exploit

Server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. If an SMTP server has been configured, then an unauthenticated user can execute code on vulnerable systems using the ContactAdministrators action if the "Contact Administrators Form" is enabled; or an authenticated user can execute code on vulnerable systems using the SendBulkMail action if the user has "JIRA Administrators" access.
Platform: 
Vulnerabilty ID: 
CVE-2019-11581
Released Date: 
Thursday, August 1, 2019 - 19:00