CVE-2015-8481 — LOW (3.1) — White Hats Nepal

Vulnerability Description

Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.

CVSS Score

3.1

LOW

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Atlassian	Jira Core	7.0.3
Atlassian	Jira Server	7.0.3
Atlassian	Jira Service Desk	3.0.3

Related Weaknesses (CWE)

CWE-200

References

http://www.securityfocus.com/bid/79381
https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-79230779Vendor Advisory
https://jira.atlassian.com/browse/JRA-47557Vendor Advisory
http://www.securityfocus.com/bid/79381
https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-79230779Vendor Advisory
https://jira.atlassian.com/browse/JRA-47557Vendor Advisory

FAQ

What is CVE-2015-8481?

CVE-2015-8481 is a vulnerability with a CVSS score of 3.1 (LOW). Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup re...

How severe is CVE-2015-8481?

CVE-2015-8481 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-8481?

Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Jira Core, Atlassian Jira Server, Atlassian Jira Service Desk.