Mattermost Confluence Plugin
cpe:2.3:a:mattermost:mattermost_confluence_plugin:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Mattermost (ed0788ef-af60-58f1-b6aa-68289d9946dc) |
|---|---|
| Product | Mattermost Confluence Plugin (e64b28b4-f388-5bd2-8bd0-41e1b0c1692f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-8285 | vulnerable | 2026-06-03 15:13:43.283347 | Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin. MEDIUM (4). Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint. Published: 2025-08-11T18:57:07.701Z. Updated: 2025-08-11T19:41:20.762Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-54525 | vulnerable | 2026-06-03 15:04:56.244605 | Unexpected input to Create Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin. HIGH (7.5). Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body. Published: 2025-08-11T18:57:06.841Z. Updated: 2025-08-11T19:40:57.217Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-54478 | vulnerable | 2026-06-03 15:04:56.079992 | Unauthenticated Channel Subscription Edit in Mattermost Confluence Plugin. HIGH (7.2). Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint. Published: 2025-08-11T18:57:06.088Z. Updated: 2025-08-11T19:40:33.338Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-54463 | vulnerable | 2026-06-03 15:04:56.054798 | Unexpected Input to Cloud Webhook endpoint Causes DoS in Mattermost Confluence Plugin. MEDIUM (5.9). Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body. Published: 2025-08-11T18:57:05.342Z. Updated: 2025-08-11T19:39:08.495Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-54458 | vulnerable | 2026-06-03 15:04:56.040871 | Unauthorized Subscription Creation to Confluence Space in Mattermost Confluence Plugin. MEDIUM (5). Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint. Published: 2025-08-11T18:57:04.545Z. Updated: 2025-08-11T19:38:22.132Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-53910 | vulnerable | 2026-06-03 15:03:55.320950 | Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin. MEDIUM (4). Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint. Published: 2025-08-11T18:57:03.212Z. Updated: 2025-08-11T19:37:44.454Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-53857 | vulnerable | 2026-06-03 15:03:55.225858 | Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin. LOW (3.7). Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint. Published: 2025-08-11T18:57:02.377Z. Updated: 2025-08-11T19:37:14.499Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-53514 | vulnerable | 2026-06-03 15:03:54.208253 | Unexpected Input to Server Webhook endpoint Causes DoS in Mattermost Confluence Plugin. MEDIUM (5.9). Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body. Published: 2025-08-11T18:57:01.515Z. Updated: 2025-08-11T19:36:46.050Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-52931 | vulnerable | 2026-06-03 15:03:52.720251 | Unexpected input to Update Channel Subscription endpoint causes DoS in Mattermost Confluence Plugin. HIGH (7.5). Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body. Published: 2025-08-11T18:57:00.672Z. Updated: 2025-08-11T19:36:18.801Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-49221 | vulnerable | 2026-06-03 15:01:44.282326 | Unauthenticated Access to Channel Subscription in Mattermost Confluence Plugin. LOW (3.7). Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via API call to GET subscription endpoint. Published: 2025-08-11T18:56:59.876Z. Updated: 2025-08-11T19:35:51.769Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-48731 | vulnerable | 2026-06-03 15:01:35.222500 | Unauthorized Subscription Edit to Confluence Space in Mattermost Confluence Plugin. MEDIUM (6.4). Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint. Published: 2025-08-11T18:56:59.077Z. Updated: 2025-08-11T19:35:23.834Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-44004 | vulnerable | 2026-06-03 15:01:18.458622 | Unauthenticated Channel Subscription Creation in Mattermost Confluence Plugin. HIGH (7.2). Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint. Published: 2025-08-11T18:56:58.269Z. Updated: 2025-08-11T19:34:49.595Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-44001 | vulnerable | 2026-06-03 15:01:18.452845 | Unauthorized Channel Subscription Read in Mattermost Confluence Plugin. MEDIUM (4). Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions details endpoint. Published: 2025-08-11T18:56:57.280Z. Updated: 2025-08-11T19:34:12.187Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-13523 | vulnerable | 2026-06-03 14:58:46.346286 | Cross-Site Scripting (XSS) via Unescaped Display Names in Mattermost Confluence Plugin OAuth2 Flow. HIGH (7.7). Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557. Published: 2026-02-06T15:52:31.003Z. Updated: 2026-02-06T16:23:06.496Z | Imported from gcve-enriched-dumps CVE data |