PT-2025-32570 · WordPress · Mattermost Confluence Plugin
Lorenzo Gallegos
·
Published
2025-07-10
·
Updated
2025-08-20
·
CVE-2025-44001
CVSS v3.1
4.0
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Mattermost Confluence Plugin versions prior to 1.5.0
Description:
The Mattermost Confluence Plugin does not verify user access to channels, potentially allowing unauthorized access to channel subscription details. This occurs through an API call to the
Get Channel Subscriptions details endpoint.Recommendations:
Update Mattermost Confluence Plugin to version 1.5.0 or later.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mattermost Confluence Plugin