CVE-2025-44004

High CVSS: 7.2

Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint.

Vendor

Mattermost

Product

Confluence

CWE

CWE-306

Yayın Tarihi

2025-08-11 19:15:27

Güncelleme

2025-09-25 18:53:07

Source Identifier

responsibledisclosure@mattermost.com

KEV Date Added

Kategoriler

CWE-306 Confluence HIGH Mattermost 2025

Referanslar

https://mattermost.com/security-updates

Benzer Kayıtlar

Medium

CVE-2026-3112

Mattermost versions 11.4.x

Medium

CVE-2026-3113

Mattermost versions 11.4.x

Medium

CVE-2026-3114

Mattermost versions 11.4.x

Medium

CVE-2026-3115

Mattermost versions 11.2.x

High

CVE-2026-3108

Mattermost versions 11.2.x

Medium

CVE-2026-4274

Mattermost versions 11.2.x