Confluence
Approved changes feed: RSS · Atom
cpe:2.3:a:mattermost:confluence:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Mattermost (ed0788ef-af60-58f1-b6aa-68289d9946dc) |
|---|---|
| Product | Confluence (8b459c04-ca5f-5179-8074-5702894bef5d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/mattermost/mattermost-for-confluence |
purl2cpe | 2026-06-01 10:18:19.739980 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-8285 |
vulnerable | 2026-06-03 15:13:43.284950 |
Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin
MEDIUM (4)
Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint.
Published: 2025-08-11T18:57:07.701Z
Updated: 2025-08-11T19:41:20.762Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54525 |
vulnerable | 2026-06-03 15:04:56.244766 |
Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin
HIGH (7.5)
Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body.
Published: 2025-08-11T18:57:06.841Z
Updated: 2025-08-11T19:40:57.217Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54478 |
vulnerable | 2026-06-03 15:04:56.080029 |
Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin
HIGH (7.2)
Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint.
Published: 2025-08-11T18:57:06.088Z
Updated: 2025-08-11T19:40:33.338Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54463 |
vulnerable | 2026-06-03 15:04:56.056082 |
Unexpected Input to Cloud Webhook endpoint Causes DoS in Mattermost Confluence Plugin
MEDIUM (5.9)
Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.
Published: 2025-08-11T18:57:05.342Z
Updated: 2025-08-11T19:39:08.495Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-49221 |
vulnerable | 2026-06-03 15:01:44.283255 |
Unauthenticated Access to Channel Subscription in Mattermost Confluence Plugin
LOW (3.7)
Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via API call to GET subscription endpoint.
Published: 2025-08-11T18:56:59.876Z
Updated: 2025-08-11T19:35:51.769Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.