Mattermost Jira Plugin does not properly check security levels
Moderate severity
GitHub Reviewed
Published
Feb 9, 2024
to the GitHub Advisory Database
•
Updated Nov 18, 2024
Package
Affected versions
< 4.0.0-rc1
Patched versions
4.0.0-rc1
Description
Published by the National Vulnerability Database
Feb 9, 2024
Published to the GitHub Advisory Database
Feb 9, 2024
Reviewed
Feb 9, 2024
Last updated
Nov 18, 2024
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.
References