20 matches found
CVE-2026-6673
Mattermost Jira plugin (CVE-2026-6673) authenticates poorly during Atlassian Connect install. Affected Mattermost versions (11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x
SUSE CVE-2026-22892
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
CVE-2026-22892 Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
CVE-2026-22892 Insufficient Authorization in Mattermost Jira Plugin Allows Unauthorized Access to Post Attachments
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
CVE-2026-22892
Mattermost versions 11.1.x up to 11.1.2, 10.11.x up to 10.11.9, and 11.2.x up to 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts. An authenticated attacker with access to the Jira plugin can read post content and attachments from channels they do not have ...
Mattermost Server 10.11.x < 10.11.8 / 10.12.x < 10.12.4 / 11.0.x <= 11.0.6 / 11.1.x <= 11.1.1 Improper Authentication (MMSA-2025-00555)
The version of Mattermost Server installed on the remote host is 10.11.x prior to 10.11.8, 10.12.x prior to 10.12.4, 11.0.x prior to 11.0.6, or 11.1.x prior to 11.1.1, and is, therefore, affected by an improper authentication vulnerability: - Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5,...
CVE-2025-13767
Mattermost Jira plugin vulnerability (CVE-2025-13767): versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x
CVE-2025-14273
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions =4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...
GHSA-QVMC-92VG-6R35 Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions =4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...
CVE-2025-14273 Mattermost Jira plugin user spoofing enables Jira request forgery.
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions =4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...
CVE-2025-14273 Mattermost Jira plugin user spoofing enables Jira request forgery.
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions =4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...
CVE-2025-14273
Mattermost with the Jira plugin enabled is affected by CVE-2025-14273. The issue is an improper authentication/authorization flaw in which Mattermost Jira plugin versions <= 4.4.0 fail to enforce authentication and issue-key path restrictions, enabling an unauthenticated attacker who knows a v...
CVE-2024-2445
Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks agains...
CVE-2024-23319
Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message...
CVE-2024-24774
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues...
CVE-2024-2445 Reflected XSS in Mattermost Jira plugin
Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks agains...
CVE-2024-2445 Reflected XSS in Mattermost Jira plugin
Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks agains...
Unauthorized Access
Mattermost Jira Plugin is vulnerable to unauthorized access. The vulnerability is due to its failure to check the security level of incoming issues or restrict based on the user, allowing registered Jira users to create webhooks granting access to all Jira issues...
CVE-2024-23319
Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message...
PT-2024-19806 · Mattermost · Mattermost Jira Plugin
Name of the Vulnerable Software and Affected Versions: Mattermost Jira Plugin affected versions not specified Description: The Mattermost Jira Plugin fails to protect against logout CSRF, allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in...