CVE-2024-24774: Mattermost Jira Plugin does not properly check security levels

February 9, 2024 (updated November 18, 2024)

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.

References

github.com/advisories/GHSA-qr8f-cjw7-838m
github.com/mattermost/mattermost-plugin-jira/commit/5f5e084d169bf6b82d5c46a7a7eb033e1a01c6de
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2024-24774

Code Behaviors & Features

Detect and mitigate CVE-2024-24774 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →