CVE-2015-8481

CWE-200 — Information Exposure3 documents3 sources

Severity

3.1LOW

EPSS

0.4%

top 42.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Core Atlassian Jira Server Atlassian Jira Service Desk

Timeline

PublishedJan 8

Latest updateMay 13

Description

Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages3 packages

▶NVDatlassian/jira_service_desk3.0.3

▶NVDatlassian/jira_core7.0.3

▶NVDatlassian/jira_server7.0.3

🔴Vulnerability Details

GHSA

GHSA-9w67-5jpv-rm8v: Atlassian JIRA Software 7↗2022-05-13

▶

CVEList

CVE-2015-8481: Atlassian JIRA Software 7↗2016-01-08

▶