Confluence
cpe:2.3:a:mattermost:confluence:*:*:*:*:*:mattermost:*:*
part: a version: * update: *
| Vendor | Mattermost (ed0788ef-af60-58f1-b6aa-68289d9946dc) |
|---|---|
| Product | Confluence (8b459c04-ca5f-5179-8074-5702894bef5d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | mattermost |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/mattermost/mattermost-for-confluence | purl2cpe | 2026-06-01 10:18:19.744759 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-54458 | vulnerable | 2026-06-03 15:04:56.042320 | Unauthorized Subscription Creation to Confluence Space in Mattermost Confluence Plugin<br>MEDIUM (5)<br>Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint.<br>Published: 2025-08-11T18:57:04.545Z<br>Updated: 2025-08-11T19:38:22.132Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-53910 | vulnerable | 2026-06-03 15:03:55.320990 | Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin<br>MEDIUM (4)<br>Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint.<br>Published: 2025-08-11T18:57:03.212Z<br>Updated: 2025-08-11T19:37:44.454Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-53857 | vulnerable | 2026-06-03 15:03:55.225890 | Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin<br>LOW (3.7)<br>Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint.<br>Published: 2025-08-11T18:57:02.377Z<br>Updated: 2025-08-11T19:37:14.499Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-53514 | vulnerable | 2026-06-03 15:03:54.208290 | Unexpected Input to Server Webhook endpoint Causes DoS in Mattermost Confluence Plugin<br>MEDIUM (5.9)<br>Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.<br>Published: 2025-08-11T18:57:01.515Z<br>Updated: 2025-08-11T19:36:46.050Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-52931 | vulnerable | 2026-06-03 15:03:52.721588 | Unexpected input to Update Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin<br>HIGH (7.5)<br>Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body.<br>Published: 2025-08-11T18:57:00.672Z<br>Updated: 2025-08-11T19:36:18.801Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-48731 | vulnerable | 2026-06-03 15:01:35.223248 | Unauthorized Subscription Edit to Confluence Space in Mattermost Confluence Plugin<br>MEDIUM (6.4)<br>Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint.<br>Published: 2025-08-11T18:56:59.077Z<br>Updated: 2025-08-11T19:35:23.834Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-44004 | vulnerable | 2026-06-03 15:01:18.458759 | Unauthenticated Channel Subscription Creation in Mattermost Confluence Plugin<br>HIGH (7.2)<br>Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint.<br>Published: 2025-08-11T18:56:58.269Z<br>Updated: 2025-08-11T19:34:49.595Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-44001 | vulnerable | 2026-06-03 15:01:18.454246 | Unauthorized Channel Subscription Read in Mattermost Confluence Plugin<br>MEDIUM (4)<br>Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions details endpoint.<br>Published: 2025-08-11T18:56:57.280Z<br>Updated: 2025-08-11T19:34:12.187Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-13523 | vulnerable | 2026-06-03 14:58:46.347469 | Cross-Site Scripting (XSS) via Unescaped Display Names in Mattermost Confluence Plugin OAuth2 Flow<br>HIGH (7.7)<br>Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557<br>Published: 2026-02-06T15:52:31.003Z<br>Updated: 2026-02-06T16:23:06.496Z | Imported from gcve-enriched-dumps CVE data |