CVE-2025-54478

High CVSS: 7.2

Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint.

Vendor

Mattermost

Product

Confluence

CWE

CWE-306

Yayın Tarihi

2025-08-11 19:15:30

Güncelleme

2025-09-24 00:41:21

Source Identifier

responsibledisclosure@mattermost.com

KEV Date Added

Kategoriler

CWE-306 Confluence HIGH Mattermost 2025

Referanslar

https://mattermost.com/security-updates

Benzer Kayıtlar

Medium

CVE-2026-3112

Mattermost versions 11.4.x

Medium

CVE-2026-3113

Mattermost versions 11.4.x

Medium

CVE-2026-3114

Mattermost versions 11.4.x

Medium

CVE-2026-3115

Mattermost versions 11.2.x

High

CVE-2026-3108

Mattermost versions 11.2.x

Medium

CVE-2026-4274

Mattermost versions 11.2.x