CVE-2024-23319

LOW3.5EPSS 0.10%

Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery

發布日:2024/2/9修改日:2024/3/18

也稱為:GHSA-4fp6-574p-fc35BIT-mattermost-2024-23319GO-2024-2539

描述

Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.

受影響套件(3)

Bitnami/mattermostfrom 0, < 9.6.1
Go/github.com/mattermost/mattermost-plugin-jirafrom 0, < 1.1.2-0.20230830170046-f4cf4c6de017
Go/github.com/mattermost/mattermost-plugin-jirafrom 0, < 1.1.2-0.20230830170046-f4cf4c6de017

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	LOW3.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-23319
PATCHhttps://github.com/mattermost/mattermost-plugin-jira
WEBhttps://github.com/mattermost/mattermost-plugin-jira/commit/f4cf4c6de017ef6aa4428d393b78f418dd84cd8e
WEBhttps://mattermost.com/security-updates
WEBhttps://pkg.go.dev/vuln/GO-2024-2539