CVE-2026-22892
MEDIUM4.3EPSS 0.01%Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts in github.com/mattermost/mattermost-server
Published: 2/13/2026Modified: 2/23/2026
Description
Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts in github.com/mattermost/mattermost-server
Affected packages (2)
- Go/github.com/mattermost/mattermost-server>= 11.2.0, < 11.2.2
- Go/github.com/mattermost/mattermost-server>= 10.11.0+incompatible, < 10.11.10+incompatible, >= 11.1.0+incompatible, < 11.1.3+incompatible, >= 11.2.0+incompatible, < 11.2.2+incompatible
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |