Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1xcjhmLWNqdzctODM4bc4AA5L-

Mattermost Jira Plugin does not properly check security levels

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.

Permalink: https://github.com/advisories/GHSA-qr8f-cjw7-838m
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xcjhmLWNqdzctODM4bc4AA5L-
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 21 days ago
Updated: 21 days ago


CVSS Score: 3.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

Identifiers: GHSA-qr8f-cjw7-838m, CVE-2024-24774
References:

Affected Packages

go:github.com/mattermost/mattermost-plugin-jira
Versions: < 4.0.0-rc1
Fixed in: 4.0.0-rc1