{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-25T20:14:47.271","vulnerabilities":[{"cve":{"id":"CVE-2026-22892","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-02-13T11:16:10.693","lastModified":"2026-02-18T21:34:16.227","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to via the /create-issue API endpoint by providing the post ID of an inaccessible post.. Mattermost Advisory ID: MMSA-2025-00550"},{"lang":"es","value":"Las versiones de Mattermost 11.1.x &lt;= 11.1.2, 10.11.x &lt;= 10.11.9, 11.2.x &lt;= 11.2.1 no validan los permisos de usuario al crear incidencias de Jira a partir de publicaciones de Mattermost, lo que permite a un atacante autenticado con acceso al plugin de Jira leer el contenido de las publicaciones y los archivos adjuntos de canales a los que no tienen acceso a través del endpoint de la API /create-issue proporcionando el ID de publicación de una publicación inaccesible. ID de aviso de Mattermost: MMSA-2025-00550"}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.11.0","versionEndExcluding":"10.11.10","matchCriteriaId":"92B0F8BD-06A1-4B39-95C5-4FB5A195F1C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.1.3","matchCriteriaId":"0910E4A8-6DBD-407F-B262-38E4DE9657D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*","versionStartIncluding":"11.2.0","versionEndExcluding":"11.2.2","matchCriteriaId":"D98EAFB2-8055-4893-835B-30A99ED97892"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}}]}