CVE-2022-36799: 
JIRA vulnerability analysis and mitigation

A security vulnerability was identified in Atlassian Jira Server and Data Center that allowed remote attackers with system administrator permissions to execute arbitrary code. The vulnerability (CVE-2022-36799) was discovered and documented as a template injection issue in the Email Templates feature, which could lead to Remote Code Execution (RCE). The affected versions include systems before version 8.13.19, versions from 8.14.0 before 8.20.7, and versions from 8.21.0 before 8.22.1 (Atlassian Jira).

The vulnerability stems from a security weakness in how Jira Server and Data Center handle templates, specifically involving the XStream library's interaction with velocity templates. The issue allowed for template injection attacks that could result in arbitrary code execution. The vulnerability has been assigned a CVSS Score of 7.2, categorizing it as High severity (Atlassian Jira).

The vulnerability could allow attackers with system administrator permissions to execute arbitrary code on affected systems through the Email Templates feature. This could potentially lead to unauthorized access and control of the affected Jira Server and Data Center installations (NVD).

Atlassian has addressed this vulnerability by implementing security improvements in the way templates are handled. Fixed versions have been released: 8.13.19, 8.20.7, and 8.22.1. Users are advised to upgrade to these patched versions to protect against potential exploitation (Atlassian Jira).