Atlassian has dropped a patch for a critical vulnerability in many versions of its Jira Data Center and Jira Service Management Data Center products. The bug could enable remote, unauthenticated attackers to execute arbitrary code. The vulnerability has to do with a missing authentication check in Jira s implementation of Ehcache, an open-source, Java distributed cache for general-purpose caching, Java EE and lightweight containers. Atlassian is a platform used by 180,000 customers to engineer software and manage projects.
Source: https://threatpost.com/atlassian-critical-jira-flaw/168053/