CVE-2024-24774
LOW3.4EPSS 0.29%Mattermost Jira Plugin does not properly check security levels in github.com/mattermost/mattermost-plugin-jira
發布日:2024/2/9修改日:2025/4/3
描述
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.
受影響套件(3)
- Bitnami/mattermostfrom 0, < 9.6.1
- Go/github.com/mattermost/mattermost-plugin-jirafrom 0, < 4.0.0-rc1
- Go/github.com/mattermost/mattermost-plugin-jirafrom 0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N |
| osv | CVSS 3.1 | LOW3.4 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N |