Mattermost Confluence

14 CVEs affecting Mattermost Confluence. Latest disclosed: 2026-02-06. Critical: 0, High: 5.

Top CVEs affecting Mattermost Confluence
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-13523 | High | 7.7 | 2026-02-06 | Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Conflu… |
| CVE-2025-54525 | High | 7.5 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create chann… |
| CVE-2025-52931 | High | 7.5 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update chann… |
| CVE-2025-54478 | High | 7.2 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to ed… |
| CVE-2025-44004 | High | 7.2 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel… |
| CVE-2025-48731 | Medium | 6.4 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a C… |
| CVE-2025-54463 | Medium | 5.9 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webho… |
| CVE-2025-53514 | Medium | 5.9 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webho… |
| CVE-2025-54458 | Medium | 5.0 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a… |
| CVE-2025-8285 | Medium | 4.0 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without… |
| CVE-2025-53910 | Medium | 4.0 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription withou… |
| CVE-2025-44001 | Medium | 4.0 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details wit… |
| CVE-2025-53857 | Low | 3.7 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details wit… |
| CVE-2025-49221 | Low | 3.7 | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to ac… |