Skip to content

Mattermost Jira Plugin does not properly check security levels

Low severity GitHub Reviewed Published Feb 9, 2024 to the GitHub Advisory Database • Updated Aug 7, 2024

Package

gomod github.com/mattermost/mattermost-plugin-jira (Go)

Affected versions

< 4.0.0-rc1

Patched versions

4.0.0-rc1

Description

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.

References

Published by the National Vulnerability Database Feb 9, 2024
Published to the GitHub Advisory Database Feb 9, 2024
Reviewed Feb 9, 2024
Last updated Aug 7, 2024

Severity

Low

EPSS score

0.045%
(15th percentile)

Weaknesses

CVE ID

CVE-2024-24774

GHSA ID

GHSA-qr8f-cjw7-838m

Source code

mattermost/mattermost-plugin-jira
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.