Headline

GHSA-qr8f-cjw7-838m: Mattermost Jira Plugin does not properly check security levels

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.

7 months ago

ghsa

Open in Source

#vulnerability #web #git #perl #jira

- Actions
  
  Automate any workflow
- Packages
  
  Host and manage packages
- Security
  
  Find and fix vulnerabilities
- Codespaces
  
  Instant dev environments
- Copilot
  
  Write better code with AI
- Code review
  
  Manage code changes
- Issues
  
  Plan and track work
- Discussions
  
  Collaborate outside of code

- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

GitHub Advisory Database
GitHub Reviewed
CVE-2024-24774

Mattermost Jira Plugin does not properly check security levels

Low severity GitHub Reviewed Published Feb 9, 2024 to the GitHub Advisory Database • Updated Feb 9, 2024

Package

gomod github.com/mattermost/mattermost-plugin-jira (Go)

Affected versions

< 4.0.0-rc1

Patched versions

4.0.0-rc1

Description

Published to the GitHub Advisory Database

Feb 9, 2024

ghsa: Latest News

GHSA-gcx4-mw62-g8wm: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

5 hours ago

ghsa

GHSA-8fx8-3rg2-79xw: Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)

5 hours ago

ghsa

GHSA-3hp8-6j24-m5gm: Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)

5 hours ago

ghsa

GHSA-2wq5-g96f-mv3v: Ouch! allows a segmentation fault due to use of uninitialized memory

6 hours ago

ghsa

GHSA-3fc8-2r3f-8wrg: lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)

7 hours ago

ghsa