ГлавнаяУязвимости → CVE-2025-54478
7.2высокая

CVE-2025-54478

Описание

Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint.

Затрагиваемое ПО
Mattermost Confluence
CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Источники
https://mattermost.com/security-updates