CVE-2024-24774

medium

Description

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.

References

https://mattermost.com/security-updates

Details

Source: Mitre, NVD

Published: 2024-02-09

Updated: 2024-02-15

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 4.1

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Severity: Medium

Detections

Analytics