206 matches found
CVE-2025-48731
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint...
CVE-2025-8285 Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...
CVE-2025-8285 Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...
CVE-2025-8285
Mattermost Confluence Plugin has a Missing Authorization vulnerability in versions
CVE-2025-8285 Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...
CVE-2025-54478 Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...
CVE-2025-54525 Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body...
CVE-2025-54525 Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body...
CVE-2025-54478
Summary (CVE-2025-54478): Mattermost Confluence Plugin (versions
CVE-2025-54525
Mattermost Confluence Plugin (github.com/mattermost/mattermost-plugin-confluence) is affected by CVE-2025-54525. Versions older than 1.5.0 fail to properly handle an unexpected request body to the create channel subscription endpoint, which can cause the plugin to crash (DoS) under constant inval...
CVE-2025-54478 Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...
CVE-2025-54478 Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...
CVE-2025-54463 Unexpected Input to Cloud Webhook endpoint Causes DoS in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body...
CVE-2025-54463 Unexpected Input to Cloud Webhook endpoint Causes DoS in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body...
CVE-2025-54463
Mattermost Confluence Plugin (github.com/mattermost/mattermost-plugin-confluence) versions
CVE-2025-54458 Unauthorized Subscription Creation to Confluence Space in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint...
CVE-2025-53910
The CVE concerns Mattermost Confluence Plugin prior to 1.5.0, where API calls to edit channel subscriptions do not properly verify user access to the channel. This enables creation of a channel subscription without proper channel access. No exploitation details or fixes are provided in the connec...
CVE-2025-53910 Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint...
CVE-2025-53910 Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint...
CVE-2025-53910 Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint...