CVE-2015-8481
published 2016-01-08CVE-2015-8481: Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user…
low3.1CVSS 3.0
AVNACHPRLUINSUCLINAN
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | jira_core | — | — |
| atlassian | jira_server | — | — |
| atlassian | jira_service_desk | — | — |