In case you host your own infra, and I guess the @it-team does, please have a look at the above. A public exploit is already available, luckily, also the patches 
This is mostly important for shared systems, since local access is needed.
The tzmc1 system is patched (which hosts the forum and Jitsi).