Base Score

LOW3.5

CVE-2024-23319

Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.

VectorNETWORK

Published Byresponsibledisclosure@mattermost.com

Published DateFeb 09, 2024, 15:15

Affected Versions(1)

github.com/mattermost/mattermost-plugin-jira(Go)

Introduced0

Fixed1.1.2-0.20230830170046-f4cf4c6de017

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/mattermost/mattermost-plugin-jira(Go)	0	1.1.2-0.20230830170046-f4cf4c6de017	N/A

Weakness Type (CWE):CWE-352

CVSS Metrics

Base Score

3.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Base Severity

LOW

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW

References

https://mattermost.com/security-updates

Base Score

LOW3.5

Weakness Type (CWE):CWE-352

CVSS Metrics

Base Score

3.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Base Severity

LOW

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW