Details
-
Bug
-
Resolution: Fixed
-
Highest
Description
NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.
Hi everyone,
Thanks for your attention and patience. We have worked to identify the root cause of this issue and provide a fix as soon as possible.
We have released JIRA Core 7.0.4 which contains a fix for this security vulnerability. We recommend that anyone currently using JIRA 7.0.3 upgrade as soon as possible. There are more details available in the security advisory here.
At this point we consider this issue resolved. If you have any questions, please contact Atlassian Support.
Regards,
Oswaldo Hernández.
JIRA Bugmaster.
[Atlassian].
Summary
When an issue receives an update and an e-mail notification is sent to users about the updates or changes, and the update contains a wiki markup inline reference to an external image. The email sent will be attached with an internal image from another unrelated issue in the JIRA instance instead of the external image.
Environment
Cloud Environment / JIRA Server 7.0.3
Steps to Reproduce
- User A views an issue X with an inline wiki markup reference to an image attachment.
- User B comments / updates another issue Y and includes an external image reference via wiki markup.
- An email notification is sent for the change made to Y.
- [BUG] The notification email will display the internal image attached to Issue A instead of the external image.
Expected Results
Email notifications should not include attachments that have not been referenced in the change to the JIRA issue in question
Actual Results
Users receive email notifications containing attachments of unrelated issues instead of the one that was meant to be in the notification.
Notes
More details available at the security advisory
Workaround
N/A
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-
- is related to
-
-
- Closed
-