CVE-2024-24774

Published Feb 9, 2024

Last updated 9 months ago

Overview

Description: Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.
Source: responsibledisclosure@mattermost.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.1
Impact score: 1.4
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-863
responsibledisclosure@mattermost.com: CWE-863

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C15FCA4-0D78-4869-B363-E7BE70D01A40",
            "versionEndIncluding": "8.1.7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References