CVE-2024-24774
published 2024-02-09CVE-2024-24774: Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription…
medium4.1CVSS 3.1
AVNACLPRHUINSCCLINAN
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | mattermost_mattermost-plugin-jira | >= 0 < 4.0.0-rc1 | 4.0.0-rc1 |
| mattermost | mattermost | <= 8.1.7 | — |
| mattermost | mattermost_server | <= 8.1.7 | — |