Mattermost Confluence
14 CVEs affecting Mattermost Confluence. Latest disclosed: 2026-02-06. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-13523 | High | 7.7 | 2026-02-06 | Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Conflu… |
| CVE-2025-54525 | High | 7.5 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create chann… |
| CVE-2025-52931 | High | 7.5 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update chann… |
| CVE-2025-54478 | High | 7.2 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to ed… |
| CVE-2025-44004 | High | 7.2 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel… |
| CVE-2025-48731 | Medium | 6.4 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a C… |
| CVE-2025-54463 | Medium | 5.9 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webho… |
| CVE-2025-53514 | Medium | 5.9 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webho… |
| CVE-2025-54458 | Medium | 5.0 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a… |
| CVE-2025-8285 | Medium | 4.0 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without… |
| CVE-2025-53910 | Medium | 4.0 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription withou… |
| CVE-2025-44001 | Medium | 4.0 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details wit… |
| CVE-2025-53857 | Low | 3.7 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details wit… |
| CVE-2025-49221 | Low | 3.7 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to ac… |