CVE-2025-14273
- Source
- https://cve.org/CVERecord?id=CVE-2025-14273
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14273.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-14273
- Aliases
- Downstream
- Related
- Published
- 2025-12-22T12:16:19.240Z
- Modified
- 2026-04-10T05:21:28.270212Z
- Severity
-
- 8.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows a valid user ID to issue authenticated GET and POST requests to the Jira server via crafted plugin payloads that spoof the user ID and inject arbitrary issue key paths. Mattermost Advisory ID: MMSA-2025-00555
- References
Affected packages
Git / github.com/mattermost/mattermost-server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mattermost/mattermost-server
- Events
-
IntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "10.11.0" }, { "fixed": "10.11.8" }, { "introduced": "10.12.0" }, { "fixed": "10.12.4" }, { "introduced": "11.0.0" }, { "fixed": "11.0.6" }, { "introduced": "11.1.0" }, { "fixed": "11.1.1" } ] }
Affected versions
@mattermost/client@10.*
@mattermost/client@10.11.0
@mattermost/client@10.12.0
@mattermost/client@11.*
@mattermost/client@11.0.4
@mattermost/client@11.1.0
@mattermost/types@10.*
@mattermost/types@10.11.0
@mattermost/types@10.12.0
@mattermost/types@11.*
@mattermost/types@11.0.4
@mattermost/types@11.1.0
Other
cloud-2022-07-20-1
cloud-2022-08-10-1
cloud-2022-09-08-1
cloud-2022-10-06-1
cloud-2022-11-11-1
cloud-2022-11-24-1
mattermost-redux@10.*
mattermost-redux@10.11.0
mattermost-redux@10.12.0
mattermost-redux@11.*
mattermost-redux@11.0.4
mattermost-redux@11.1.0
preview-v0.*
preview-v0.1
server/public/v0.*
server/public/v0.0.10
server/public/v0.0.11
server/public/v0.0.12
server/public/v0.0.13
server/public/v0.0.14
server/public/v0.0.15
server/public/v0.0.16
server/public/v0.0.17
server/public/v0.0.18
server/public/v0.0.5
server/public/v0.0.6
server/public/v0.0.7
server/public/v0.0.8
server/public/v0.0.9
server/public/v0.1.0
server/public/v0.1.1
server/public/v0.1.10
server/public/v0.1.11
server/public/v0.1.12
server/public/v0.1.13
server/public/v0.1.14
server/public/v0.1.15
server/public/v0.1.16
server/public/v0.1.17
server/public/v0.1.18
server/public/v0.1.19
server/public/v0.1.2
server/public/v0.1.3
server/public/v0.1.4
server/public/v0.1.5
server/public/v0.1.6
server/public/v0.1.7
server/public/v0.1.8
server/public/v0.1.9
v0.*
v0.5.0
v10.*
v10.11.0
v10.11.0-rc3
v10.11.1
v10.11.1-rc1
v10.11.2
v10.11.2-rc1
v10.11.2-rc2
v10.11.3
v10.11.4
v10.11.4-rc1
v10.11.4-rc2
v10.11.4-rc3
v10.11.5
v10.11.6
v10.11.7
v10.12.0
v10.12.1
v10.12.1-rc1
v10.12.2
v10.12.3
v11.*
v11.0.0-alpha.1
v11.0.1
v11.0.1-rc1
v11.0.1-rc2
v11.0.1-rc3
v11.0.2
v11.0.3
v11.0.3-rc1
v11.0.4
v11.0.5
v11.1.0
v11.1.0-rc4
v11.1.1-rc1
v11.1.1-rc2
v4.*
v4.10.0-rc1
v4.2.0-rc1
v4.3.0-rc1
v4.4.0-rc1
v4.5.0-rc1
v4.6.0-rc1
v4.6.0-rc2
v4.7.0-rc1
v4.8.0-rc1
v4.9.0-rc1
v5.*
v5.0.0-rc1
v5.1.0-rc1
v5.2.0-rc1
v5.2.0-rc2