GHSA-4fp6-574p-fc35

Source
https://github.com/advisories/GHSA-4fp6-574p-fc35
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-4fp6-574p-fc35/GHSA-4fp6-574p-fc35.json
Aliases
Published
2024-02-09T15:31:26Z
Modified
2024-02-16T08:26:30.218775Z
Details

Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.

References

Affected packages

Go / github.com/mattermost/mattermost-plugin-jira

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Fixed
4.0.0-rc2