CVE-2025-44001

CWE-862Missing Authorization5 documents4 sources
Severity
4.0MEDIUM
EPSS
0.0%
top 90.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mattermost Mattermost Confluence PluginGithub.com Mattermost/mattermost-plugin-confluenceMattermost Confluence
Timeline
PublishedAug 11
Latest updateAug 18

Description

Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions details endpoint.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages3 packages

🔴Vulnerability Details

4
OSV
Mattermost Confluence Plugin has Missing Authorization vulnerability in github.com/mattermost/mattermost-plugin-confluence2025-08-18
GHSA
Mattermost Confluence Plugin has Missing Authorization vulnerability2025-08-11
OSV
Mattermost Confluence Plugin has Missing Authorization vulnerability2025-08-11
CVEList
Unauthorized Channel Subscription Read in Mattermost Confluence Plugin2025-08-11
CVE-2025-44001 (MEDIUM CVSS 4) | Mattermost Confluence Plugin versio | cvebase.io