Lucene search
K

206 matches found

NVD
NVD
added 2025/08/11 7:15 p.m.5 views

CVE-2025-48731

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint...

6.4CVSS0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/11 6:57 p.m.19 views

CVE-2025-8285 Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...

4CVSS0.00184EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/11 6:57 p.m.3 views

CVE-2025-8285 Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...

4CVSS7.1AI score0.00184EPSS
Exploits0References1
CVE
CVE
added 2025/08/11 6:57 p.m.27 views

CVE-2025-8285

Mattermost Confluence Plugin has a Missing Authorization vulnerability in versions

5.3CVSS7.1AI score0.00184EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/08/11 6:57 p.m.3 views

CVE-2025-8285 Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...

4CVSS5.8AI score0.00184EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/11 6:57 p.m.3 views

CVE-2025-54478 Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...

7.2CVSS7.4AI score0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/11 6:57 p.m.1 views

CVE-2025-54525 Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body...

7.5CVSS7.1AI score0.00312EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/11 6:57 p.m.6 views

CVE-2025-54525 Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body...

7.5CVSS0.00312EPSS
Exploits0References1
CVE
CVE
added 2025/08/11 6:57 p.m.27 views

CVE-2025-54478

Summary (CVE-2025-54478): Mattermost Confluence Plugin (versions

7.2CVSS7.4AI score0.00225EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/08/11 6:57 p.m.32 views

CVE-2025-54525

Mattermost Confluence Plugin (github.com/mattermost/mattermost-plugin-confluence) is affected by CVE-2025-54525. Versions older than 1.5.0 fail to properly handle an unexpected request body to the create channel subscription endpoint, which can cause the plugin to crash (DoS) under constant inval...

7.5CVSS7.1AI score0.00312EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/08/11 6:57 p.m.29 views

CVE-2025-54478 Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...

7.2CVSS0.00225EPSS
Exploits0References1
OSV
OSV
added 2025/08/11 6:57 p.m.4 views

CVE-2025-54478 Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...

7.2CVSS7AI score0.00225EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/11 6:57 p.m.1 views

CVE-2025-54463 Unexpected Input to Cloud Webhook endpoint Causes DoS in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body...

5.9CVSS7.1AI score0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/11 6:57 p.m.6 views

CVE-2025-54463 Unexpected Input to Cloud Webhook endpoint Causes DoS in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body...

5.9CVSS0.00275EPSS
Exploits0References1
CVE
CVE
added 2025/08/11 6:57 p.m.130 views

CVE-2025-54463

Mattermost Confluence Plugin (github.com/mattermost/mattermost-plugin-confluence) versions

7.5CVSS7.1AI score0.00275EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/11 6:57 p.m.1 views

CVE-2025-54458 Unauthorized Subscription Creation to Confluence Space in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint...

5CVSS7.1AI score0.00192EPSS
Exploits0References1
CVE
CVE
added 2025/08/11 6:57 p.m.33 views

CVE-2025-53910

The CVE concerns Mattermost Confluence Plugin prior to 1.5.0, where API calls to edit channel subscriptions do not properly verify user access to the channel. This enables creation of a channel subscription without proper channel access. No exploitation details or fixes are provided in the connec...

4CVSS7AI score0.00183EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/11 6:57 p.m.4 views

CVE-2025-53910 Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint...

4CVSS7AI score0.00183EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/11 6:57 p.m.40 views

CVE-2025-53910 Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint...

4CVSS0.00183EPSS
Exploits0References1
OSV
OSV
added 2025/08/11 6:57 p.m.4 views

CVE-2025-53910 Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint...

4CVSS5.9AI score0.00183EPSS
Exploits0References4
Rows per page
Query Builder