WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8481)

Description

Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.

Remediation

References

Related Vulnerabilities

Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14280)

WordPress Plugin JW Player 6 Cross-Site Scripting (2.1.14)

Internet Information Services Other Vulnerability (CVE-2002-0149)

WordPress Plugin Add Product Tabs for WooCommerce Security Bypass (1.4.2)

Apache HTTP Server Other Vulnerability (CVE-2006-4110)

Severity

Low

Classification

CVE-2015-8481 CWE-200 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities