CVE-2015-8481

low-risk

Published 2016-01-08

Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.

Do I need to act?

0.35% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.1/10 Low

NETWORK / HIGH complexity

Affected Products (3)

Jira Core

Jira Server

Jira Service Desk

Affected Vendors

Atlassian

References (6)

http://www.securityfocus.com/bid/79381

Vendor Advisory https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-79230779...

Vendor Advisory https://jira.atlassian.com/browse/JRA-47557

http://www.securityfocus.com/bid/79381

Vendor Advisory https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-79230779...

Vendor Advisory https://jira.atlassian.com/browse/JRA-47557

/ 100

low-risk

Severity 11/34 · Low

Exploitability 1/34 · Minimal

Exposure 9/34 · Low