Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xcjhmLWNqdzctODM4bc4AA5L-
Mattermost Jira Plugin does not properly check security levels
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.
Permalink: https://github.com/advisories/GHSA-qr8f-cjw7-838mJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xcjhmLWNqdzctODM4bc4AA5L-
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 10 months ago
Updated: 14 days ago
CVSS Score: 3.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N
Identifiers: GHSA-qr8f-cjw7-838m, CVE-2024-24774
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-24774
- https://mattermost.com/security-updates
- https://github.com/mattermost/mattermost-plugin-jira/commit/5f5e084d169bf6b82d5c46a7a7eb033e1a01c6de
- https://github.com/advisories/GHSA-qr8f-cjw7-838m
Blast Radius: 0.0
Affected Packages
go:github.com/mattermost/mattermost-plugin-jira
Dependent packages: 0Dependent repositories: 1
Downloads:
Affected Version Ranges: < 4.0.0-rc1
Fixed in: 4.0.0-rc1
All affected versions: 0.1.1, 0.1.2, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.1.0, 1.1.1
All unaffected versions: