CVE-2015-8481 - OpenCVE

Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Atlassian	Jira Core Jira Server Jira Service Desk

Configuration 1 [-]

cpe:2.3:a:atlassian:jira_core:7.0.3:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:atlassian:jira_server:7.0.3:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:atlassian:jira_service_desk:3.0.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/79381
https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html
https://jira.atlassian.com/browse/JRA-47557

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-01-08T19:00:00

Updated: 2024-08-06T08:20:42.871Z

Reserved: 2015-12-07T00:00:00

Link: CVE-2015-8481

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2016-01-08T19:59:13.287

Modified: 2022-03-28T13:04:44.370

Link: CVE-2015-8481

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-09T00:00:00", "descriptions": [{"lang": "en", "value": "Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-01-08T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "79381", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/79381"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://jira.atlassian.com/browse/JRA-47557"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8481", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "79381", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79381"}, {"name": "https://jira.atlassian.com/browse/JRA-47557", "refsource": "CONFIRM", "url": "https://jira.atlassian.com/browse/JRA-47557"}, {"name": "https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html", "refsource": "CONFIRM", "url": "https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:20:42.871Z"}, "title": "CVE Program Container", "references": [{"name": "79381", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/79381"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jira.atlassian.com/browse/JRA-47557"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8481", "datePublished": "2016-01-08T19:00:00", "dateReserved": "2015-12-07T00:00:00", "dateUpdated": "2024-08-06T08:20:42.871Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:jira_core:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6D616111-3B1D-4340-95F3-3B1D4F4B6750", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:jira_server:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "50F079A2-E223-4712-AB59-E9DB54E9863A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:jira_service_desk:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F4A2A48-57CE-42D2-93B9-149B0361223E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference."}, {"lang": "es", "value": "Atlassian JIRA Software 7.0.3, JIRA Core 7.0. 3 y el instalador de paquete JIRA Service Desk 3.0.3 anexa la imagen incorrecta a notificaciones de correo cuando un usuario ve un problema con el wikitexto en l\u00ednea que hace referencia a una imagen adjunta, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n sensible actualizando un problema diferente que incluye wikitexto para una referencia de imagen externa."}], "id": "CVE-2015-8481", "lastModified": "2022-03-28T13:04:44.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-01-08T19:59:13.287", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/79381"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRA-47557"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}