Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery
Low severity
GitHub Reviewed
Published Feb 9, 2024 to the GitHub Advisory Database • Updated Mar 18, 2024
Package
Affected versions: < 1.1.2-0.20230830170046-f4cf4c6de017
Patched versions: 1.1.2-0.20230830170046-f4cf4c6de017
Description
Mattermost Jira Plugin fails to protect against logout CSRF, allowing an attacker to post a specially crafted message that disconnects a user's Jira connection in Mattermost when the user merely views the message.
Published by the National Vulnerability Database: Feb 9, 2024
Published to the GitHub Advisory Database: Feb 9, 2024
Reviewed: Feb 9, 2024
Last updated: Mar 18, 2024
References