CVE-2025-8285 – github.com/mattermost/mattermost-plugin-confluence
Package
Manager: go
Name: github.com/mattermost/mattermost-plugin-confluence
Vulnerable Version: >=0 <1.5.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00037 (percentile: 0.09763)
Details
Mattermost Confluence Plugin has a Missing Authorization vulnerability. Mattermost Confluence Plugin versions < 1.5.0 fail to check the user's access to the channel, which allows attackers to create a channel subscription without proper access to the channel via an API call to the create channel subscription endpoint.
Metadata
Created: 2025-08-11T21:31:40Z
Modified: 2025-08-11T23:18:06Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-qjrx-j8wm-xf83/GHSA-qjrx-j8wm-xf83.json
CWE IDs: ["CWE-862"]
Alternative ID: GHSA-qjrx-j8wm-xf83
Finding: F039
Auto approve: 1