CVE-2024-2445

Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks against the users of the Mattermost server.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://mattermost.com/security-updates
https://mattermost.com/security-updates

Configurations

No configuration.

History

21 Nov 2024, 09:09

Type	Values Removed	Values Added
Summary		(es) Las versiones del complemento Mattermost Jira enviadas con las versiones 8.1.x anteriores a 8.1.10, 9.2.x anteriores a 9.2.6, 9.3.x anteriores a 9.3.2 y 9.4.x anteriores a 9.4.3 no logran escapar de las salidas controladas por el usuario al generar HTML. páginas, lo que permite a un atacante realizar ataques de cross-site scripting reflejados contra los usuarios del servidor Mattermost.
References	~~() https://mattermost.com/security-updates -~~	() https://mattermost.com/security-updates -

15 Mar 2024, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-15 10:15

Updated : 2024-11-21 09:09

NVD link : CVE-2024-2445

Mitre link : CVE-2024-2445

CVE.ORG link : CVE-2024-2445

JSON object : View

Products Affected

No product.

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

6.1 /10