https://www.bleepingcomputer.com/news/security/jira-server-and-service-desk-fix-critical-security-bugs/

Atlassian released updates for Jira Service Desk and Jira Service Desk Data Center to fix a critical-severity security bug that can be exploited by anyone with access to a vulnerable customer portal.

The company patched another critical vulnerability affecting Jira Server and Jira Data Center that allows server-side template injection leading to remote code execution.