PT-2025-52646 · Mattermost · Mattermost Jira Plugin
Juho Forsén · Published 2025-12-22 · Updated 2026-01-17
CVE-2025-14273
CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Mattermost versions 11.1.x through 11.1.0
Mattermost versions 11.0.x through 11.0.5
Mattermost versions 10.12.x through 10.12.3
Mattermost versions 10.11.x through 10.11.7
Mattermost Jira plugin versions 4.4.0 and earlier
Description
The Mattermost Jira plugin does not properly enforce authentication and issue-key path restrictions. This allows an unauthenticated attacker, knowing a valid user ID, to send authenticated GET and POST requests to the Jira server using specially crafted plugin payloads. These payloads can spoof the user ID and inject arbitrary issue key paths. The vulnerability requires the Jira plugin to be enabled.
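The two missing controls the description names (taking the acting user from the request payload, and letting a caller-supplied issue key shape the upstream Jira path) map onto two server-side checks. The Go snippet below is an added illustration written for this advisory, not code from the Mattermost Jira plugin: it takes the user identity only from the Mattermost-User-Id header that the Mattermost server attaches to proxied plugin requests, and accepts an issue key only if it matches a strict PROJECT-123 shape before it is joined into a fixed upstream path. The handler shape, the "issue" query parameter, the upstream path prefix and the key grammar are assumptions for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"regexp"
)

// Added example, not the plugin's own code. Helper names, the "issue" query
// parameter and the upstream path prefix are assumptions for illustration.

var (
	ErrUnauthenticated = errors.New("request carries no authenticated Mattermost user")
	ErrBadIssueKey     = errors.New("issue key is not a well-formed Jira key")
)

// Jira issue keys look like PROJECT-123. Restricting the key to this shape
// (assumed grammar) means it cannot contain '/', '.', '?' or '#', so it can
// never alter the upstream path or append query parameters.
var issueKeyPattern = regexp.MustCompile(`^[A-Z][A-Z0-9_]{0,9}-[1-9][0-9]{0,9}$`)

// userIDFromRequest reads the identity the Mattermost server attaches when it
// proxies an authenticated request to a plugin. A user ID carried in the body
// or query string is deliberately ignored, so it cannot be spoofed.
func userIDFromRequest(r *http.Request) (string, error) {
	uid := r.Header.Get("Mattermost-User-Id")
	if uid == "" {
		return "", ErrUnauthenticated
	}
	return uid, nil
}

// validateIssueKey accepts only keys matching issueKeyPattern.
func validateIssueKey(key string) error {
	if !issueKeyPattern.MatchString(key) {
		return ErrBadIssueKey
	}
	return nil
}

// jiraIssuePath joins a validated key onto a fixed upstream path prefix.
func jiraIssuePath(key string) (string, error) {
	if err := validateIssueKey(key); err != nil {
		return "", err
	}
	return "/rest/api/2/issue/" + key, nil
}

// issueRequest is the outcome of both checks: who is acting and which
// upstream path may be called. The call to Jira itself is out of scope here.
type issueRequest struct {
	UserID string
	Path   string
}

// authorizeIssueRequest runs both checks for an incoming plugin request whose
// issue key arrives as the "issue" query parameter. It returns the HTTP status
// a handler should answer with when a check fails.
func authorizeIssueRequest(r *http.Request) (issueRequest, int, error) {
	uid, err := userIDFromRequest(r)
	if err != nil {
		return issueRequest{}, http.StatusUnauthorized, err
	}
	path, err := jiraIssuePath(r.URL.Query().Get("issue"))
	if err != nil {
		return issueRequest{}, http.StatusBadRequest, err
	}
	return issueRequest{UserID: uid, Path: path}, http.StatusOK, nil
}

func main() {
	// Constructed request: authenticated user and a well-formed key.
	r, _ := http.NewRequest(http.MethodGet, "/plugins/jira/issue?issue=PROJ-42", nil)
	r.Header.Set("Mattermost-User-Id", "u1")
	req, status, err := authorizeIssueRequest(r)
	fmt.Println(status, err, req)

	// Constructed request: same user, key that tries to reshape the path.
	r2, _ := http.NewRequest(http.MethodGet, "/plugins/jira/issue?issue=PROJ-42/../../search", nil)
	r2.Header.Set("Mattermost-User-Id", "u1")
	_, status, err = authorizeIssueRequest(r2)
	fmt.Println(status, err)
}
```

The design point is that neither check depends on the other: a request with no server-attached identity is refused before the key is looked at, and a malformed key is refused even for an authenticated user, so the upstream path is always the fixed prefix plus a key of known shape.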
Recommendations
Update Mattermost to a version later than 11.1.0.
Update Mattermost to a version later than 11.0.5.
Update Mattermost to a version later than 10.12.3.
Update Mattermost to a version later than 10.11.7.
Update the Mattermost Jira plugin to a version later than 4.4.0.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost
Mattermost Jira Plugin