CVE-2025-53857

Low CVSS: 3.7

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint.

Vendor

Mattermost

Product

Confluence

CWE

CWE-862

Yayın Tarihi

2025-08-11 19:15:29

Güncelleme

2025-09-25 18:55:50

Source Identifier

responsibledisclosure@mattermost.com

KEV Date Added

Kategoriler

CWE-862 Confluence LOW Mattermost 2025

Referanslar

https://mattermost.com/security-updates

Benzer Kayıtlar

Medium

CVE-2026-3112

Mattermost versions 11.4.x

Medium

CVE-2026-3113

Mattermost versions 11.4.x

Medium

CVE-2026-3114

Mattermost versions 11.4.x

Medium

CVE-2026-3115

Mattermost versions 11.2.x

High

CVE-2026-3108

Mattermost versions 11.2.x

Medium

CVE-2026-4274

Mattermost versions 11.2.x