CVE-2015-8481
LOWAtlassian JIRA Software/JIRA Core/JIRA Service Desk <7.0.3 - Info D...
Title source: llmDescription
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/79381
Vendor Advisory x_refsource_confirm
https://jira.atlassian.com/browse/JRA-47557
Vendor Advisory x_refsource_confirm
https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html
Scores
CVSS v3
3.1
EPSS
0.0035
EPSS Percentile
57.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (3)
atlassian/jira_core
7.0.3
atlassian/jira_server
7.0.3
atlassian/jira_service_desk
3.0.3
Published
Jan 08, 2016
Tracked Since
Feb 18, 2026