We identified a potential vulnerability that could allow the exposure of system environment variables on Jira DC nodes.
This vulnerability is limited to Jira Data Center (DC) instances running versions below 10 and does not extend to other systems or versions built on newer Java platforms.
We acknowledge this as a known issue and recommend that users upgrade to Jira DC version 10 or above, which addresses this vulnerability by leveraging updated Java versions that prevent such exposures.
We assess that this vulnerability poses a limited threat to users, given the mitigations already in place and the restricted conditions under which it can be exploited.
For any concerns or additional questions regarding this matter, contact our support team.