Uploaded image for project: 'Jira Platform Cloud'
  1. Jira Platform Cloud
  2. JRACLOUD-47557

JIRA is sending attachments of unrelated issues on notifications received by e-mail

XMLWordPrintable

      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      Atlassian Status as of 9 December 2015

      Hi everyone,

      Thanks for your attention and patience. We have worked to identify the root cause of this issue and provide a fix as soon as possible.

      We have released JIRA Core 7.0.4 which contains a fix for this security vulnerability. We recommend that anyone currently using JIRA 7.0.3 upgrade as soon as possible. There are more details available in the security advisory here.

      At this point we consider this issue resolved. If you have any questions, please contact Atlassian Support.

      Regards,

      Oswaldo Hernández.
      JIRA Bugmaster.
      [Atlassian].

      Summary

      When an issue receives an update and an e-mail notification is sent to users about the updates or changes, and the update contains a wiki markup inline reference to an external image. The email sent will be attached with an internal image from another unrelated issue in the JIRA instance instead of the external image.

      Environment

      Cloud Environment / JIRA Server 7.0.3

      Steps to Reproduce

      • User A views an issue X with an inline wiki markup reference to an image attachment.
      • User B comments / updates another issue Y and includes an external image reference via wiki markup.
      • An email notification is sent for the change made to Y.
      • [BUG] The notification email will display the internal image attached to Issue A instead of the external image.

      Expected Results

      Email notifications should not include attachments that have not been referenced in the change to the JIRA issue in question

      Actual Results

      Users receive email notifications containing attachments of unrelated issues instead of the one that was meant to be in the notification.

      Notes

      More details available at the security advisory

      Workaround

      N/A

        1. 10 of you.gif
          10 of you.gif
          40 kB
        2. 2015-11-30_1517.png
          2015-11-30_1517.png
          67 kB

              Unassigned Unassigned
              pmiguel Paulo Miguel (Inactive)
              Votes:
              28 Vote for this issue
              Watchers:
              31 Start watching this issue

                Created:
                Updated:
                Resolved: