PT-2016-3907 · Atlassian · Jira+2
Paulo Miguel · Published 2016-01-08 · Updated 2022-03-28 · CVE-2015-8481
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Atlassian JIRA Software version 7.0.3
Atlassian JIRA Core version 7.0.3
Atlassian JIRA Service Desk version 3.0.3
Description
When a user views an issue with inline wiki markup referencing an image attachment, the wrong image is attached to e-mail notifications. This allows remote attackers to potentially obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.
Recommendations
For Atlassian JIRA Software version 7.0.3, update to a version that fixes the issue of attaching the wrong image to e-mail notifications.
For Atlassian JIRA Core version 7.0.3, update to a version that fixes the issue of attaching the wrong image to e-mail notifications.
For Atlassian JIRA Service Desk version 3.0.3, update to a version that fixes the issue of attaching the wrong image to e-mail notifications.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Jira Core
Jira Service Desk Server
Jira