7.2
CVE-2025-54478
- EPSS 0.15%
- Veröffentlicht 11.08.2025 18:57:06
- Zuletzt bearbeitet 24.09.2025 00:41:21
- Quelle responsibledisclosure@mattermo
- CVE-Watchlists
- Unerledigt
LoginUnauthenticated Channel Subscription Edit in Mattermost Confluence Plugin
Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mattermost ≫ Confluence Version < 1.5.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.349 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| responsibledisclosure@mattermost.com | 7.2 | 3.9 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.