Low severity · NVD Advisory · Published Feb 9, 2024 · Updated Aug 1, 2024
CSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin)
CVE-2024-23319
Description
Mattermost Jira Plugin fails to protect against logout CSRF, allowing an attacker to post a specially crafted message that disconnects a user's Jira connection in Mattermost when the user merely views the message.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/mattermost/mattermost-plugin-jira (Go) | < 1.1.2-0.20230830170046-f4cf4c6de017 | 1.1.2-0.20230830170046-f4cf4c6de017 |
Affected products (3)
- osv-coords, 2 versions: < 9.6.1 + 1 more
- (no CPE) range: < 9.6.1
- (no CPE) range: < 1.1.2-0.20230830170046-f4cf4c6de017
- Range: 0