CVE-2015-8481
low
CVSS v3
3.1
CVSS v2
3.5
VIR risk
3.1
Description
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.
Predictions
Exploit likelihood
42%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://jira.atlassian.com/browse/JRA-47557
Vendor advisory: cve@mitre.org — https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| atlassian | jira_core | 7.0.3 | |
| atlassian | jira_server | 7.0.3 | |
| atlassian | jira_service_desk | 3.0.3 | |
References
- http://www.securityfocus.com/bid/79381
- https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html
- https://jira.atlassian.com/browse/JRA-47557
- http://www.securityfocus.com/bid/79381
- https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html
- https://jira.atlassian.com/browse/JRA-47557
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.