Vulnerabilities > CVE-2024-24774 - Incorrect Authorization vulnerability in Mattermost Server 5.23.0

CVSS 4.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mattermost

CWE-863

NVD

Published: 2024-02-09

Updated: 2024-02-15

Summary

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.

Vulnerable Configurations

Part	Description	Count
Application	Mattermost Mattermost Mattermost Server 5.23.0	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://mattermost.com/security-updates