Mattermost Confluence Plugin is Missing Authentication for Critical Function
Moderate severity
GitHub Reviewed
Published
Aug 11, 2025
to the GitHub Advisory Database
•
Updated Sep 24, 2025
Package
Affected versions
< 1.5.0
Patched versions
1.5.0
Description
Published by the National Vulnerability Database
Aug 11, 2025
Published to the GitHub Advisory Database
Aug 11, 2025
Reviewed
Aug 12, 2025
Last updated
Sep 24, 2025
Mattermost Confluence Plugin versions < 1.5.0 fail to enforce user authentication of the Mattermost instance, allowing unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint.
References