Published: 09 Feb 2024
Source: github
GitHub: Reviewed
CVSS4: 4.8
CVSS3: 3.4
Description
Mattermost Jira Plugin does not properly check security levels
When handling subscriptions, the Mattermost Jira Plugin fails to check the security level of an incoming issue or to limit it based on the user who created the subscription, resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.
Packages
Name
github.com/mattermost/mattermost-plugin-jira
go
Affected versions: < 4.0.0-rc1
Fixed version: 4.0.0-rc1
Related vulnerabilities
CVSS3: 3.4
nvd
almost 2 years ago
When handling subscriptions, the Mattermost Jira Plugin fails to check the security level of an incoming issue or to limit it based on the user who created the subscription, resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.