Description
The Mattermost Jira Plugin's subscription handling fails to check the security level of an incoming issue, or to limit it based on the user who created the subscription. As a result, registered users on Jira are able to create webhooks that give them access to all Jira issues.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 8.1.7
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
EPSS
Percentile: 48%
0.0025
Low
CVSS3: 3.4 Low
CVSS3: 4.1 Medium
Weaknesses
CWE-863
CWE-863
Related vulnerabilities
CVSS3: 3.4
github
almost 2 years ago
Mattermost Jira Plugin does not properly check security levels