Lucene search
K

20 matches found

CVE
CVE
added 2026/06/22 1:38 p.m.13 views

CVE-2026-6673

Mattermost Jira plugin (CVE-2026-6673) authenticates poorly during Atlassian Connect install. Affected Mattermost versions (11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x

6.4CVSS6AI score0.00177EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/04 12:29 a.m.10 views

SUSE CVE-2026-22892

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS5.8AI score0.00239EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/13 10:29 a.m.29 views

CVE-2026-22892 Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS0.00239EPSS
Exploits0References1
OSV
OSV
added 2026/02/13 10:29 a.m.4 views

CVE-2026-22892 Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...

4.3CVSS6AI score0.00239EPSS
Exploits0References3
CVE
CVE
added 2026/02/13 10:29 a.m.21 views

CVE-2026-22892

Mattermost versions 11.1.x up to 11.1.2, 10.11.x up to 10.11.9, and 11.2.x up to 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts. An authenticated attacker with access to the Jira plugin can read post content and attachments from channels they do not have ...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/29 12:0 a.m.4 views

Mattermost Server 10.11.x < 10.11.8 / 10.12.x < 10.12.4 / 11.0.x <= 11.0.6 / 11.1.x <= 11.1.1 Improper Authentication (MMSA-2025-00555)

The version of Mattermost Server installed on the remote host is 10.11.x prior to 10.11.8, 10.12.x prior to 10.12.4, 11.0.x prior to 11.0.6, or 11.1.x prior to 11.1.1, and is, therefore, affected by an improper authentication vulnerability: - Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5,...

8.3CVSS5.8AI score0.00227EPSS
Exploits0References2
CVE
CVE
added 2025/12/24 8:1 a.m.16 views

CVE-2025-13767

Mattermost Jira plugin vulnerability (CVE-2025-13767): versions 11.1.x &lt;= 11.1.0, 11.0.x &lt;= 11.0.5, 10.12.x &lt;= 10.12.3, 10.11.x

4.3CVSS6.2AI score0.00165EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/23 11:35 a.m.3 views

CVE-2025-14273

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions =4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...

8.3CVSS7AI score0.00227EPSS
Exploits0References1
OSV
OSV
added 2025/12/22 12:30 p.m.4 views

GHSA-QVMC-92VG-6R35 Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions =4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...

7.2CVSS7AI score0.00227EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/12/22 11:24 a.m.23 views

CVE-2025-14273 Mattermost Jira plugin user spoofing enables Jira request forgery.

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions =4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...

7.2CVSS0.00227EPSS
Exploits0References1
OSV
OSV
added 2025/12/22 11:24 a.m.4 views

CVE-2025-14273 Mattermost Jira plugin user spoofing enables Jira request forgery.

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions =4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...

7.2CVSS6.1AI score0.00227EPSS
Exploits0References3
CVE
CVE
added 2025/12/22 11:24 a.m.76 views

CVE-2025-14273

Mattermost with the Jira plugin enabled is affected by CVE-2025-14273. The issue is an improper authentication/authorization flaw in which Mattermost Jira plugin versions &lt;= 4.4.0 fail to enforce authentication and issue-key path restrictions, enabling an unauthenticated attacker who knows a v...

8.3CVSS6.6AI score0.00227EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 9:57 a.m.12 views

CVE-2024-2445

Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks agains...

6.1CVSS6AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:42 a.m.6 views

CVE-2024-23319

Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message...

3.5CVSS6.6AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:37 a.m.4 views

CVE-2024-24774

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...

4.1CVSS6.8AI score0.00456EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/15 9:19 a.m.23 views

CVE-2024-2445 Reflected XSS in Mattermost Jira plugin

Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks agains...

6.1CVSS6.2AI score0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/15 9:19 a.m.16 views

CVE-2024-2445 Reflected XSS in Mattermost Jira plugin

Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks agains...

6.1CVSS6.1AI score0.00309EPSS
Exploits0References1
Veracode
Veracode
added 2024/02/13 12:52 p.m.16 views

Unauthorized Access

Mattermost Jira Plugin is vulnerable to unauthorized access. The vulnerability is due to its failure to check the security level of incoming issues or restrict based on the user, allowing registered Jira users to create webhooks granting access to all Jira issues...

4.1CVSS6.8AI score0.00456EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/02/09 3:15 p.m.26 views

CVE-2024-23319

Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message...

3.5CVSS3.7AI score0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/09 12:0 a.m.5 views

PT-2024-19806 · Mattermost · Mattermost Jira Plugin

Name of the Vulnerable Software and Affected Versions: Mattermost Jira Plugin affected versions not specified Description: The Mattermost Jira Plugin fails to protect against logout CSRF, allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in...

3.5CVSS6.7AI score0.00245EPSS
Exploits0References14
Rows per page
Query Builder