CVE-2025-49221

Severity
3.7 LOW
EPSS
0.1%
top 82.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 11
Latest update: Aug 18

Description

Mattermost Confluence Plugin versions <1.5.0 fail to enforce authentication of the user to the Mattermost instance, which allows unauthenticated attackers to access subscription details via an API call to the GET subscription endpoint.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.2 | Impact: 1.4

Vulnerability Details (4)

OSV
Mattermost Confluence Plugin has Missing Authorization vulnerability in github.com/mattermost/mattermost-plugin-confluence (2025-08-18)
OSV
Mattermost Confluence Plugin has Missing Authorization vulnerability (2025-08-11)
GHSA
Mattermost Confluence Plugin has Missing Authorization vulnerability (2025-08-11)
CVEList
Unauthenticated Access to Channel Subscription in Mattermost Confluence Plugin (2025-08-11)