CVE-2015-8481

Name: CVE-2015-8481
Creator: NVD / NIST
Published: 2016-01-08T19:59:13.287+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.26%

Last modified Jun 17, 2026

CVE-2015-8481 is a vulnerability of currently unknown severity. Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.. EPSS estimates a 1.26% chance of exploitation in the next 30 days.

Description

Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.

Metrics

EPSS Probability

1.26%

65.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Atlassian	Jira Core	7.0.3
Atlassian	Jira Server	7.0.3
Atlassian	Jira Service Desk	3.0.3

References

http://www.securityfocus.com/bid/79381
https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.htmlVendor Advisory
https://jira.atlassian.com/browse/JRA-47557Vendor Advisory
http://www.securityfocus.com/bid/79381
https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.htmlVendor Advisory
https://jira.atlassian.com/browse/JRA-47557Vendor Advisory

Timeline

Published: Jan 8, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-8481?

How severe is CVE-2015-8481?

Severity scoring for CVE-2015-8481 is pending analysis. The EPSS model estimates a 1.26% probability of exploitation in the next 30 days.

How do I fix CVE-2015-8481?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-8481?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST