Headline

GHSA-6ff3-jgxh-vffj: Mattermost Confluence Plugin is Missing Authentication for Critical Function

Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint.

9 days ago

ghsa

Open in Source

#vulnerability #auth

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

ghsa: Latest News

GHSA-8hmm-4crw-vm2c: @musistudio/claude-code-router has improper CORS configuration

5 hours ago

ghsa

GHSA-pp7p-q8fx-2968: vite-plugin-static-copy files not included in `src` are possible to access with a crafted request

5 hours ago

ghsa

GHSA-95m3-7q98-8xr5: sha.js is missing type checks leading to hash rewind and passing on crafted data

5 hours ago

ghsa

GHSA-cpq7-6gpm-g9rc: cipher-base is missing type checks, leading to hash rewind and passing on crafted data

5 hours ago

ghsa

GHSA-79j6-g2m3-jgfw: vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder

5 hours ago

ghsa