Vulnerability Information
Vulnerability Title
CSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin)
Vulnerability Description
Mattermost Jira Plugin fails to protect against logout CSRF, allowing an attacker to post a specially crafted message that disconnects a user's Jira connection in Mattermost as soon as the user views the message.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Vulnerability Type
Cross-Site Request Forgery (CSRF)
Vulnerability Title
Mattermost Cross-Site Request Forgery Vulnerability
Vulnerability Description
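Mattermost is an open-source collaboration platform from Mattermost, Inc. of the United States. Mattermost contains a cross-site request forgery vulnerability that stems from the Jira plugin failing to protect against logout CSRF, allowing an attacker to post a specially crafted message that disconnects a user's Jira connection in Mattermost merely by the user viewing the message.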
CVSS Information
N/A
Vulnerability Type
N/A