Metrics
Affected Vendors & Products
Solution
Update Mattermost Confluence Plugin to version 1.5.0 or higher.
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://mattermost.com/security-updates |
![]() ![]() |
Thu, 25 Sep 2025 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost confluence
|
|
CPEs | cpe:2.3:a:mattermost:confluence:*:*:*:*:*:mattermost:*:* | |
Vendors & Products |
Mattermost confluence
|
Tue, 12 Aug 2025 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost
Mattermost mattermost |
|
Vendors & Products |
Mattermost
Mattermost mattermost |
Mon, 11 Aug 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 11 Aug 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint. | |
Title | Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin | |
Weaknesses | CWE-862 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Mattermost
Published:
Updated: 2025-08-11T19:37:14.499Z
Reserved: 2025-07-28T14:26:12.459Z
Link: CVE-2025-53857

Updated: 2025-08-11T19:37:08.562Z

Status : Analyzed
Published: 2025-08-11T19:15:29.603
Modified: 2025-09-25T18:55:50.410
Link: CVE-2025-53857

No data.

Updated: 2025-08-12T11:46:56Z