Unauthorized Access Vulnerability in Mattermost Confluence Plugin
CVE-2025-44001
4 MEDIUM
Key Information:
- Vendor: Mattermost
- CVE Published: 11 August 2025
What is CVE-2025-44001?
The Mattermost Confluence Plugin prior to version 1.5.0 contains a flaw that permits unauthorized users to access sensitive channel subscription information. This vulnerability arises from insufficient access control checks, which allow attackers to query the API endpoint responsible for fetching channel subscription details, thereby exposing sensitive data without proper authorization.
Affected Version(s)
Mattermost Confluence Plugin 0 < 1.5.0
Mattermost Confluence Plugin 1.5.0