Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks against the users of the Mattermost server.
References
Link | Resource |
---|---|
https://mattermost.com/security-updates |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mattermost
Published: 2024-03-15T09:19:50.127Z
Updated: 2024-06-04T17:30:11.664Z
Reserved: 2024-03-14T11:40:19.218Z
Link: CVE-2024-2445
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-03-15T10:15:07.923
Modified: 2024-03-15T12:53:06.423
Link: CVE-2024-2445
JSON object: View
Redhat Information
No data.
CWE