Github.Com Mattermost Mattermost-Plugin-Jira vulnerabilities

CVE-2025-14273 [HIGH] CWE-303 Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated

CVE-2024-24774 [MEDIUM] CWE-863 Mattermost Jira Plugin does not properly check security levels Mattermost Jira Plugin does not properly check security levels Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.

CVE-2024-23319 [LOW] CWE-352 Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.