CVE-2024-23319

Cross-Site Request Forgery (CSRF) in go/github.com/mattermost/mattermost-plugin-jira

Identifiers

GHSA-4fp6-574p-fc35, CVE-2024-23319

Package Slug

go/github.com/mattermost/mattermost-plugin-jira

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

Mattermost Jira Plugin fails to protect against logout CSRF, allowing an attacker to post a specially crafted message that disconnects a user's Jira connection in Mattermost when the user merely views the message.

Affected Versions

All versions before 4.0.0-rc2

Solution

Upgrade to version 4.0.0-rc2 or above. Note: 4.0.0-rc2 may be an unstable version. Use caution.

Last Modified

2024-02-12
