GHSA-qr8f-cjw7-838m, CVE-2024-24774
go/github.com/mattermost/mattermost-plugin-jira
Incorrect Authorization
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.
All versions before 4.0.0-rc1
Upgrade to version 4.0.0-rc1 or above. Note: 4.0.0-rc1 may be an unstable version. Use caution.
2024-02-12
source |