1070 matches found
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the GET autocomplete/GetChannelSubscriptions endpoint. An attacker can retrieve channel subscription details by making unauthorized API calls. Remediation Upgrade...
GHSA-42M6-5VM7-FJV2 Mattermost Confluence Plugin has Missing Authorization vulnerability
Mattermost Confluence Plugin versions 1.5.0 fail to check user access to the channel, allowing attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint...
Mattermost Confluence Plugin is Missing Authentication for Critical Function
Mattermost Confluence Plugin versions 1.5.0 fail to enforce user authentication of the Mattermost instance, allowing unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the handleGetChannelSubscription function. An attacker can create unauthorized channel subscriptions by making API calls without proper access checks. Remediation Upgrade...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the GET autocomplete/GetChannelSubscriptions endpoint. An attacker can retrieve channel subscription details by making unauthorized API calls. Remediation Upgrade...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to an API call to edit the channel subscription endpoint. An attacker can modify channel subscriptions by sending unauthorized API requests. Remediation Upgrade...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the create channel subscription endpoint, which fails to check the authorization of the user. An attacker can gain unauthorized access to create channel subscriptions by making API calls...
GHSA-6FF3-JGXH-VFFJ Mattermost Confluence Plugin is Missing Authentication for Critical Function
Mattermost Confluence Plugin version 1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the edit subscription endpoint. An attacker can gain unauthorized access to edit subscriptions for spaces they do not have permission to access by sending crafted requests. Remediation Upgrade...
GHSA-VPCR-FQPC-386H Mattermost Confluence Plugin has Missing Authorization vulnerability
Mattermost Confluence Plugin versions 1.5.0 fail to check user access to the channel, which allows attackers to get channel subscription details without proper access to the channel via an API call to the Get Channel Subscriptions details endpoint...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the Get Channel Subscriptions details endpoint. An attacker can retrieve channel subscription details by making unauthorized API calls. Remediation Upgrade...
Mattermost Confluence Plugin has Missing Authorization vulnerability
Mattermost Confluence Plugin versions 1.5.0 fail to check user access to the channel, which allows attackers to get channel subscription details without proper access to the channel via an API call to the Get Channel Subscriptions details endpoint...
CVE-2025-54478
Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...
CVE-2025-8285
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...
CVE-2025-54478
Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...
CVE-2025-54458
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint...
CVE-2025-44004
Mattermost Confluence Plugin version 1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint...
CVE-2025-44001
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions details endpoint...
CVE-2025-8285
Mattermost Confluence Plugin has a Missing Authorization vulnerability in versions
CVE-2025-54478 Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...