Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8481)

Description

Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.

Remediation

References

Related Vulnerabilities

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6212)

Apache Denial of service in mod_lua r:parsebody Vulnerability (CVE-2022-29404)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0067)

WordPress Plugin WP Coder-add custom html, css and js code SQL Injection (2.5.3)

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.23)

Severity

Low

Classification

CVE-2015-8481 CWE-200 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities