CVE-2015-8481 Information

Description

Atlassian JIRA Software 7.0.3 JIRA Core 7.0.3 and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

http://www.securityfocus.com/bid/79381 https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html https://jira.atlassian.com/browse/JRA-47557

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

3.1