Lucene search
K

54 matches found

Snyk
Snyk
added 2025/08/11 9:31 p.m.2 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the create channel subscription endpoint when unexpected request bodies are not properly handled. An attacker can cause the plugin to crash by repeatedly sending invalid request bodies...

8.7CVSS7AI score0.00312EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/11 9:31 p.m.0 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the create channel subscription endpoint when unexpected request bodies are not properly handled. An attacker can cause the plugin to crash by repeatedly sending invalid request bodies...

8.7CVSS7AI score0.00312EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/11 9:31 p.m.4 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the create channel subscription endpoint when unexpected request bodies are not properly handled. An attacker can cause the plugin to crash by repeatedly sending invalid request bodies...

8.7CVSS7AI score0.00312EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/11 9:31 p.m.1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the create channel subscription endpoint. An attacker can create unauthorized channel subscriptions by making API calls without proper access checks. Remediation Upgrade...

6.3CVSS7AI score0.00184EPSS
Exploits0References2
OSV
OSV
added 2025/08/11 9:31 p.m.5 views

GHSA-V6C8-G53H-MC2H Mattermost Confluence Plugin has Missing Authorization vulnerability

Mattermost Confluence Plugin versions 1.5.0 fail to check user access to the channel, allowing attackers to create a channel subscription without proper access to the channel via an API call to the edit channel subscription endpoint...

4CVSS6.9AI score0.00183EPSS
Exploits0References3
OSV
OSV
added 2025/08/11 9:31 p.m.3 views

GHSA-3CG3-3MMR-W8HJ Mattermost Confluence Plugin has Improper Validation of Specified Type of Input

Mattermost Confluence Plugin versions 1.5.0 fail to handle unexpected request bodies, allowing attackers to crash the plugin via constant hits to the create channel subscription endpoint with an invalid request body...

7.5CVSS7AI score0.00312EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/08/11 9:31 p.m.13 views

Mattermost Confluence Plugin is Missing Authentication for Critical Function

Mattermost Confluence Plugin version 1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint...

7.2CVSS7AI score0.00189EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/08/11 7:15 p.m.5 views

CVE-2025-54525

Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body...

7.5CVSS0.00312EPSS
Exploits0References1
NVD
NVD
added 2025/08/11 7:15 p.m.29 views

CVE-2025-54478

Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...

7.2CVSS0.00225EPSS
Exploits0References1
NVD
NVD
added 2025/08/11 7:15 p.m.44 views

CVE-2025-53910

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint...

4CVSS0.00183EPSS
Exploits0References1
NVD
NVD
added 2025/08/11 7:15 p.m.5 views

CVE-2025-52931

Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body...

7.5CVSS0.00312EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/11 6:57 p.m.3 views

CVE-2025-8285 Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...

4CVSS7.1AI score0.00184EPSS
Exploits0References1
CVE
CVE
added 2025/08/11 6:57 p.m.27 views

CVE-2025-8285

Mattermost Confluence Plugin has a Missing Authorization vulnerability in versions

5.3CVSS7.1AI score0.00184EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/08/11 6:57 p.m.3 views

CVE-2025-8285 Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...

4CVSS5.9AI score0.00184EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/11 6:57 p.m.20 views

CVE-2025-8285 Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...

4CVSS0.00184EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/11 6:57 p.m.1 views

CVE-2025-54525 Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body...

7.5CVSS7.1AI score0.00312EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/11 6:57 p.m.6 views

CVE-2025-54525 Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body...

7.5CVSS0.00312EPSS
Exploits0References1
CVE
CVE
added 2025/08/11 6:57 p.m.32 views

CVE-2025-54525

Mattermost Confluence Plugin (github.com/mattermost/mattermost-plugin-confluence) is affected by CVE-2025-54525. Versions older than 1.5.0 fail to properly handle an unexpected request body to the create channel subscription endpoint, which can cause the plugin to crash (DoS) under constant inval...

7.5CVSS7.1AI score0.00312EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/08/11 6:57 p.m.4 views

CVE-2025-54525 Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body...

7.5CVSS7.1AI score0.00312EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/11 6:57 p.m.4 views

CVE-2025-53910 Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint...

4CVSS7AI score0.00183EPSS
Exploits0References1
Rows per page
Query Builder