Security Advisory
CVE-2025-54478
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint.