Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery

GHSA-4fp6-574p-fc35 · BIT-mattermost-2024-23319 · CVE-2024-23319 · GO-2024-2539

Published Feb 9, 2024 · Modified Mar 18, 2024

Description

Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-23319
WEB https://github.com/mattermost/mattermost-plugin-jira/commit/f4cf4c6de017ef6aa4428d393b78f418dd84cd8e
PACKAGE https://github.com/mattermost/mattermost-plugin-jira
WEB https://mattermost.com/security-updates
WEB https://pkg.go.dev/vuln/GO-2024-2539

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes