Headline

GHSA-vpcr-fqpc-386h: Mattermost Confluence Plugin has Missing Authorization vulnerability

Mattermost Confluence Plugin versions < 1.5.0 fail to check user access to the channel, which allows attackers to get channel subscription details without proper access to the channel via an API call to the Get Channel Subscriptions details endpoint.

9 days ago

ghsa

Open in Source

#vulnerability #auth

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

ghsa: Latest News

GHSA-8hmm-4crw-vm2c: @musistudio/claude-code-router has improper CORS configuration

4 hours ago

ghsa

GHSA-pp7p-q8fx-2968: vite-plugin-static-copy files not included in `src` are possible to access with a crafted request

4 hours ago

ghsa

GHSA-95m3-7q98-8xr5: sha.js is missing type checks leading to hash rewind and passing on crafted data

5 hours ago

ghsa

GHSA-cpq7-6gpm-g9rc: cipher-base is missing type checks, leading to hash rewind and passing on crafted data

5 hours ago

ghsa

GHSA-79j6-g2m3-jgfw: vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder

5 hours ago

ghsa