Go modules package
github.com/mattermost/mattermost-plugin-jira
pkg:golang/github.com/mattermost/mattermost-plugin-jira
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-14273 | — | | | < 4.4.1 | 4.4.1 | Dec 22, 2025 | Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticat |
| CVE-2024-24774 | — | | | < 4.0.0-rc1 | 4.0.0-rc1 | Feb 9, 2024 | Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues. |
| CVE-2024-23319 | — | | | < 1.1.2-0.20230830170046-f4cf4c6de017 | 1.1.2-0.20230830170046-f4cf4c6de017 | Feb 9, 2024 | Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message. |