An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1xcjhmLWNqdzctODM4bc4AA5L-

Mattermost Jira Plugin does not properly check security levels

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 21 days ago
Updated: 21 days ago

CVSS Score: 3.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

Identifiers: GHSA-qr8f-cjw7-838m, CVE-2024-24774

Affected Packages
Versions: < 4.0.0-rc1
Fixed in: 4.0.0-rc1