GHSA-qr8f-cjw7-838m

Source
https://github.com/advisories/GHSA-qr8f-cjw7-838m
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-qr8f-cjw7-838m/GHSA-qr8f-cjw7-838m.json
Aliases
Published
2024-02-09T15:31:27Z
Modified
2024-02-16T08:26:32.465601Z
Details

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.

References

Affected packages

Go / github.com/mattermost/mattermost-plugin-jira

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Fixed
4.0.0-rc1