VYPR

Go modules package

github.com/mattermost/mattermost-plugin-jira

pkg:golang/github.com/mattermost/mattermost-plugin-jira

Vulnerabilities (3)

  • CVE-2025-14273Dec 22, 2025
    affected < 4.4.1fixed 4.4.1

    Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticat

  • CVE-2024-24774Feb 9, 2024
    affected < 4.0.0-rc1fixed 4.0.0-rc1

    Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.

  • CVE-2024-23319Feb 9, 2024
    affected < 1.1.2-0.20230830170046-f4cf4c6de017fixed 1.1.2-0.20230830170046-f4cf4c6de017

    Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.