CVE-2024-24774

MEDIUM Year: 2024
CVSS v3 Score
4.1
Medium
Weakness Type
CWE-863
View all →

Vulnerability Description

Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.

Related Vulnerabilities

CVE-2020-25284

MEDIUM
CVSS:4.1(Medium)

The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map o...

CWE-8632020

CVE-2017-12112

MEDIUM
CVSS:4.0(Medium)

An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the ...

CWE-8632017

CVE-2017-12113

MEDIUM
CVSS:4.0(Medium)

An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the...

CWE-8632017

CVE-2017-12114

MEDIUM
CVSS:4.0(Medium)

An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the re...

CWE-8632017

CVE-2017-12117

MEDIUM
CVSS:4.0(Medium)

An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the re...

CWE-8632017

CVE-2017-12118

MEDIUM
CVSS:4.0(Medium)

An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vul...

CWE-8632017