GHSA-4fp6-574p-fc35, CVE-2024-23319
go/github.com/mattermost/mattermost-plugin-jira
Cross-Site Request Forgery (CSRF)
The Mattermost Jira Plugin fails to protect against logout CSRF, allowing an attacker to post a specially crafted message that disconnects a user's Jira connection in Mattermost when the user merely views the message.
All versions before 4.0.0-rc2
Upgrade to version 4.0.0-rc2 or above. Note: 4.0.0-rc2 may be an unstable version. Use caution.
2024-02-12