data/reports/GO-2024-2539.yaml - vulndb - Git at Google

 id: GO-2024-2539
 modules:
     - module: github.com/mattermost/mattermost-plugin-jira
       versions:
         - fixed: 1.1.2-0.20230830170046-f4cf4c6de017
       non_go_versions:
         - fixed: 4.0.0-rc2
       vulnerable_at: 1.1.2-0.20230829214939-57856e474934
       packages:
         - package: github.com/mattermost/mattermost-plugin-jira/server
           symbols:
             - Plugin.httpOAuth1aDisconnect
             - Plugin.initializeRouter
 summary: |-
     Cross-site request forgery via logout button in
     github.com/mattermost/mattermost-plugin-jira
 cves:
     - CVE-2024-23319
 ghsas:
     - GHSA-4fp6-574p-fc35
 references:
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-23319
     - fix: https://github.com/mattermost/mattermost-plugin-jira/commit/f4cf4c6de017ef6aa4428d393b78f418dd84cd8e
     - web: https://mattermost.com/security-updates
 review_status: REVIEWED
	id: GO-2024-2539
	modules:
	- module: github.com/mattermost/mattermost-plugin-jira
	versions:
	- fixed: 1.1.2-0.20230830170046-f4cf4c6de017
	non_go_versions:
	- fixed: 4.0.0-rc2
	vulnerable_at: 1.1.2-0.20230829214939-57856e474934
	packages:
	- package: github.com/mattermost/mattermost-plugin-jira/server
	symbols:
	- Plugin.httpOAuth1aDisconnect
	- Plugin.initializeRouter
	summary: \|-
	Cross-site request forgery via logout button in
	github.com/mattermost/mattermost-plugin-jira
	cves:
	- CVE-2024-23319
	ghsas:
	- GHSA-4fp6-574p-fc35
	references:
	- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-23319
	- fix: https://github.com/mattermost/mattermost-plugin-jira/commit/f4cf4c6de017ef6aa4428d393b78f418dd84cd8e
	- web: https://mattermost.com/security-updates
	review_status: REVIEWED