vulnerability

JIRA Security Advisory 2015-12-09: JIRA may send emails with incorrect attachments

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:S/C:P/I:N/A:N)	Jan 8, 2016	Sep 1, 2016	Oct 30, 2017

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:N/A:N)

Published

Jan 8, 2016

Added

Sep 1, 2016

Modified

Oct 30, 2017

Description

Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.

Solution

atlassian-jira-upgrade-7_0_4

References

BID-79381
CVE-2015-8481
https://attackerkb.com/topics/CVE-2015-8481
URL-http://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html
URL-http://jira.atlassian.com/browse/JRA-47557

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today