Headline

GHSA-cmpr-8prq-w5p5: Mattermost Confluence Plugin has Missing Authorization vulnerability

Mattermost Confluence Plugin versions < 1.5.0 fail to check user access to Confluence spaces, which allows attackers to edit subscriptions for Confluence spaces that users do not have access to through the edit subscription endpoint.

9 days ago

ghsa

Open in Source

#vulnerability #auth

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

ghsa: Latest News

GHSA-8hmm-4crw-vm2c: @musistudio/claude-code-router has improper CORS configuration

5 hours ago

ghsa

GHSA-pp7p-q8fx-2968: vite-plugin-static-copy files not included in `src` are possible to access with a crafted request

5 hours ago

ghsa

GHSA-95m3-7q98-8xr5: sha.js is missing type checks leading to hash rewind and passing on crafted data

5 hours ago

ghsa

GHSA-cpq7-6gpm-g9rc: cipher-base is missing type checks, leading to hash rewind and passing on crafted data

5 hours ago

ghsa

GHSA-79j6-g2m3-jgfw: vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder

5 hours ago

ghsa