CVE-2024-24774

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.

Published: Feb 9, 2024
Updated: May 4, 2025
CVE: CVE-2024-24774
GHSA: GHSA-qr8f-cjw7-838m
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.1
AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
github.com/mattermost/mattermost-plugin-jira	-	4.0.0-rc1
mattermost / mattermost_server	-	8.1.7.x

https://github.com/mattermost/mattermost-plugin-jira/commit/5f5e084d169bf6b82d5c46a7a7eb033e1a01c6de
https://mattermost.com/security-updates

Vulnerability Database

CVE-2024-24774