BIT-mattermost-2024-24774

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/mattermost/BIT-mattermost-2024-24774.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-mattermost-2024-24774

Aliases

CVE-2024-24774
GHSA-qr8f-cjw7-838m
GO-2024-2540

Published

2024-03-06T10:55:47.678Z

Modified

2024-06-28T15:58:40.354989Z

Summary

[none]

Details

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.

References

https://mattermost.com/security-updates

Affected packages

Bitnami / mattermost

Package

Name: mattermost
Purl: pkg:bitnami/mattermost

Severity

4.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.1.7