PT-2024-20552 · Atlassian · Jira

Michael Kochell · Published 2024-02-09 · Updated 2024-06-28 · CVE-2024-24774

CVSS v4.0: 4.8 (Medium)
Vector: AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Mattermost Jira Plugin versions prior to 4.0.0-rc1
Mattermost versions up to 8.1.7

Description

The Mattermost Jira Plugin, when handling subscriptions, does not check the security level of an incoming issue and does not restrict delivery based on the permissions of the user who created the subscription. As a result, any registered Jira user can create a subscription (webhook) that delivers every issue of the subscribed project to their Mattermost channel, including issues whose security level would otherwise hide them from that user.

Recommendations

For Mattermost Jira Plugin versions prior to 4.0.0-rc1, update to version 4.0.0-rc1 or later. For Mattermost versions up to 8.1.7, update to a version later than 8.1.7. As a temporary workaround, restrict who can use the Jira Plugin (in particular, who can create subscriptions) to reduce the risk of exploitation.
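To make the authorization gap concrete, below is a small Go model of subscription-based webhook fan-out, written for this page and not taken from the Mattermost Jira Plugin source. The types, the function names and the Visibility callback are assumptions for illustration; the plugin's real data structures and its Jira calls differ. MatchVulnerable reproduces the flaw the advisory describes (the issue's security level is never consulted), while MatchFixed refuses to deliver an issue to a channel unless the user who created that subscription is allowed to see the issue.

```go
package main

import "fmt"

// Issue models the parts of a Jira webhook issue event that matter here.
// An empty SecurityLevel means the issue carries no issue-level security.
type Issue struct {
	Key           string
	Project       string
	SecurityLevel string
}

// Subscription models a channel subscription created by one Jira user.
type Subscription struct {
	ChannelID string
	Project   string
	CreatedBy string // Jira account that created the subscription
}

// Visibility answers: may this Jira user see issues at this security level
// in this project? A real integration would ask Jira on the creator's behalf
// (for example by fetching the issue with that user's credentials); the
// sample below is a hard-coded table standing in for that call (assumption).
type Visibility func(user, project, level string) bool

// MatchVulnerable reproduces the flaw the advisory describes: every
// subscription for the project receives every issue, and the issue's
// security level is never consulted.
func MatchVulnerable(subs []Subscription, iss Issue) []string {
	var channels []string
	for _, s := range subs {
		if s.Project == iss.Project {
			channels = append(channels, s.ChannelID)
		}
	}
	return channels
}

// MatchFixed delivers an issue to a subscription only if the user who created
// that subscription is allowed to see the issue at its security level.
// Issues with no security level are visible to anyone on the project.
func MatchFixed(subs []Subscription, iss Issue, canView Visibility) []string {
	var channels []string
	for _, s := range subs {
		if s.Project != iss.Project {
			continue
		}
		if iss.SecurityLevel != "" && !canView(s.CreatedBy, iss.Project, iss.SecurityLevel) {
			continue // creator cannot see this issue, so the channel must not either
		}
		channels = append(channels, s.ChannelID)
	}
	return channels
}

// Constructed sample data (not from the advisory): two users subscribe the
// same project; only alice is cleared for the "Confidential" level.
func SampleSubscriptions() []Subscription {
	return []Subscription{
		{ChannelID: "chan-alice", Project: "PROJ", CreatedBy: "alice"},
		{ChannelID: "chan-mallory", Project: "PROJ", CreatedBy: "mallory"},
	}
}

// SampleVisibility is the stand-in for the Jira permission check.
func SampleVisibility(user, project, level string) bool {
	cleared := map[string]map[string]bool{
		"PROJ": {"alice": true},
	}
	return cleared[project][user]
}

var (
	ConfidentialIssue = Issue{Key: "PROJ-42", Project: "PROJ", SecurityLevel: "Confidential"}
	PublicIssue       = Issue{Key: "PROJ-43", Project: "PROJ"}
)

func main() {
	subs := SampleSubscriptions()
	for _, iss := range []Issue{ConfidentialIssue, PublicIssue} {
		fmt.Printf("%s (security level %q)\n", iss.Key, iss.SecurityLevel)
		fmt.Println("  vulnerable:", MatchVulnerable(subs, iss))
		fmt.Println("  fixed:     ", MatchFixed(subs, iss, SampleVisibility))
	}
}
```

With the constructed data, the vulnerable path sends the confidential issue PROJ-42 to both channels, so mallory's channel receives an issue mallory cannot open in Jira; the fixed path sends it only to alice's channel, and both paths agree on the public issue PROJ-43. The important design point is that the check is made against the subscription's creator at delivery time, not against whoever can read the Mattermost channel, because the creator's Jira permissions are the only authority the plugin can enforce.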

Fix

Weakness Enumeration

Incorrect Authorization (CWE-863)

Related Identifiers

BIT-MATTERMOST-2024-24774
CVE-2024-24774
GHSA-QR8F-CJW7-838M
GO-2024-2540

Affected Products

Jira
Mattermost
Mattermost Jira Plugin