CVE-2024-23319

LOW Year: 2024
CVSS v3 Score
3.5
Low
Weakness Type
CWE-352
View all →

Vulnerability Description

Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.

Related Vulnerabilities

CVE-2016-2998

LOW
CVSS:3.5(Low)

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication o...

CWE-3522016

CVE-2016-3009

LOW
CVSS:3.5(Low)

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary user...

CWE-3522016

CVE-2017-5244

LOW
CVSS:3.5(Low)

Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of th...

CWE-3522017

CVE-2020-18464

LOW
CVSS:3.5(Low)

Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information.

CWE-3522020

CVE-2020-28838

LOW
CVSS:3.5(Low)

Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.

CWE-3522020

CVE-2021-26071

LOW
CVSS:3.5(Low)

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymou...

CWE-3522021