CVE-2024-2445: Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to…

medium6.1CVSS 3.1

AVNACLPRNUIRSCCLILAN

Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks against the users of the Mattermost server.

Affected

8 ranges

Vendor	Product	Version range	Fixed in
mattermost	mattermost	8.1.0 – 8.1.9	—
mattermost	mattermost	9.2.0 – 9.2.5	—
mattermost	mattermost	9.3.0 – 9.3.1	—
mattermost	mattermost	9.4.0 – 9.4.2	—
mattermost	mattermost_server	>= 8.1.0 < 8.1.10	8.1.10
mattermost	mattermost_server	>= 9.2.0 < 9.2.6	9.2.6
mattermost	mattermost_server	>= 9.3.0 < 9.3.2	9.3.2
mattermost	mattermost_server	>= 9.4.0 < 9.4.3	9.4.3