CVE-2024-24774
Mattermost Jira Plugin does not properly check security levels in github.com/mattermost/mattermost-plugin-jira
Score: 3.4 (LOW, CVSS 3.1)
EPSS: 0.29%
Description
When handling subscriptions, the Mattermost Jira Plugin fails to check the security level of an incoming issue and does not limit the subscription based on the user who created it. As a result, registered Jira users can create webhooks that give them access to all Jira issues.
How to fix CVE-2024-24774
To remediate CVE-2024-24774, upgrade the affected package to a fixed version below.
- upgrade to 9.6.1 or later
- upgrade to 4.0.0-rc1 or later
- no fix listed
Is CVE-2024-24774 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 9.6.1
- from 0, < 4.0.0-rc1
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N |
| osv | CVSS 3.1 | LOW 3.4 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N |