Metrics
Affected Vendors & Products
Solution
Update Mattermost Confluence Plugin to version 1.5.0 or higher.
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://mattermost.com/security-updates |
![]() ![]() |
Wed, 24 Sep 2025 00:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost confluence
|
|
CPEs | cpe:2.3:a:mattermost:confluence:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mattermost confluence
|
Tue, 12 Aug 2025 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost
Mattermost mattermost |
|
Vendors & Products |
Mattermost
Mattermost mattermost |
Mon, 11 Aug 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 11 Aug 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint. | |
Title | Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin | |
Weaknesses | CWE-862 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Mattermost
Published:
Updated: 2025-08-11T19:41:20.762Z
Reserved: 2025-07-28T14:30:58.333Z
Link: CVE-2025-8285

Updated: 2025-08-11T19:41:16.871Z

Status : Analyzed
Published: 2025-08-11T19:15:30.887
Modified: 2025-09-24T00:34:43.767
Link: CVE-2025-8285

No data.

Updated: 2025-08-12T11:46:57Z