GHSA-qr8f-cjw7-838m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qr8f-cjw7-838m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-qr8f-cjw7-838m/GHSA-qr8f-cjw7-838m.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qr8f-cjw7-838m
- Aliases
- Published
- 2024-02-09T15:31:27Z
- Modified
- 2024-07-08T20:19:14Z
- Severity
-
- 3.4 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N CVSS Calculator
- 4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N CVSS Calculator
- Summary
- Mattermost Jira Plugin does not properly check security levels
- Details
-
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.
- References
Affected packages
Go / github.com/mattermost/mattermost-plugin-jira
Package
- Name
- github.com/mattermost/mattermost-plugin-jira
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/mattermost/mattermost-plugin-jira