Mattermost Jira Plugin does not properly check security levels

GHSA-qr8f-cjw7-838m · BIT-mattermost-2024-24774 · CVE-2024-24774 · GO-2024-2540

Published Feb 9, 2024 · Modified Nov 18, 2024

Description

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-24774
WEB https://github.com/mattermost/mattermost-plugin-jira/commit/5f5e084d169bf6b82d5c46a7a7eb033e1a01c6de
WEB https://mattermost.com/security-updates
PACKAGE mattermost/mattermost-plugin-jira

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes