CVE-2024-24774

Incorrect Authorization in go/github.com/mattermost/mattermost-plugin-jira

Identifiers

GHSA-qr8f-cjw7-838m, CVE-2024-24774

Package Slug

go/github.com/mattermost/mattermost-plugin-jira

Vulnerability

Incorrect Authorization

Description

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.

Affected Versions

All versions before 4.0.0-rc1

Solution

Upgrade to version 4.0.0-rc1 or above. Note: 4.0.0-rc1 may be an unstable version. Use caution.

Last Modified

2024-02-12

source