CVE-2024-2445

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-2445
Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks against the users of the Mattermost server.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://mattermost.com/security-updates
Configurations

No configuration.

History

No history.

Information

Published : 2024-03-15 10:15

Updated : 2024-03-15 12:53

NVD link : CVE-2024-2445

Mitre link : CVE-2024-2445

CVE.ORG link : CVE-2024-2445

JSON object : View

Products Affected

No product.

CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')