Currently we have no formal announcement from Atlassian. I would indeed take a look at the links provided by Stephen and keep a look out at the community as well.
Look for a formal announcement from Atlassian, however my findings are as follows:
This CVE is for jsonwebtoken <= 8.5.1.
Atlassian have written their own library for JWT (atlassian-jwt) which does not depend on jsonwebtoken, so likely this is what they use internally in their own apps*
Apps built on the Atlassian Connect Express (ACE) framework use atlassian-jwt and are therefore should not be affected
Running npm list -a on an ACE-based app's source code shows no dependency on jsonwebtoken
* I say "likely" here as I have no real way of knowing what they do internally, so again, look for a formal announcement from Atlassian.
