Security Advisory

CVE-2025-54478

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-11 18:57:06
Last updated 2025-08-11 19:40:33
Assigner Mattermost
State PUBLISHED

Description

Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint.