CVE-2025-48731 – github.com/mattermost/mattermost-plugin-confluence
Package
Manager: go
Name: github.com/mattermost/mattermost-plugin-confluence
Vulnerable Version: >=0 <1.5.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
EPSS: 0.00028 (percentile: 0.06359)
Details
Mattermost Confluence Plugin has Missing Authorization vulnerability
Mattermost Confluence Plugin versions < 1.5.0 fail to check user access to Confluence spaces, which allows attackers, through the edit subscription endpoint, to edit subscriptions for Confluence spaces that users do not have access to.
Metadata
Created: 2025-08-11T21:31:39Z
Modified: 2025-08-11T22:59:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-cmpr-8prq-w5p5/GHSA-cmpr-8prq-w5p5.json
CWE IDs: ["CWE-862"]
Alternative ID: GHSA-cmpr-8prq-w5p5
Finding: F039
Auto approve: 1