[GHSA-9pj7-jh2r-87g8] Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts

advisories/github-reviewed/2026/02/GHSA-9pj7-jh2r-87g8/GHSA-9pj7-jh2r-87g8.json

@@ -7,11 +7,11 @@
     "CVE-2026-22892"
   ],
   "summary": "Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts",
-  "details": "Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to via the /create-issue API endpoint by providing the post ID of an inaccessible post.. Mattermost Advisory ID: MMSA-2025-00550",
+  "details": "Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, and 11.2.x <= 11.2.1 contain an Insecure Direct Object Reference (IDOR) vulnerability in the Jira plugin integration.\n\nThe system fails to validate user permissions when creating Jira issues from Mattermost posts. An authenticated attacker can access the `/create-issue` API endpoint and supply the ID of a post in a channel they do not have access to. This allows the attacker to read the content and attachments of private or restricted posts, bypassing channel access controls.",
   "severity": [
     {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [
@@ -98,6 +98,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-639",
       "CWE-863"
     ],
     "severity": "MODERATE",