Mattermost Confluence Plugin Channel Subscription Endpoint Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Mattermost Confluence Plugin, specifically in versions prior to 1.5.0. The issue arises because the plugin does not properly manage unexpected request bodies, allowing attackers to crash the plugin by repeatedly sending invalid requests to the channel subscription creation endpoint.

Impact

Exploitation of this vulnerability leads to a crash of the Confluence plugin, causing a denial-of-service condition where the plugin becomes unresponsive or unavailable.

Remediation

Users can upgrade to Mattermost Confluence Plugin version 1.5.0 or later to address this vulnerability.
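
For teams reviewing their own plugin or webhook handlers for the same class of bug, the following is an added example, not code from the Mattermost Confluence Plugin, showing a request-body decoder that answers unexpected bodies with a 400 instead of acting on unchecked data. The Subscription fields, JSON keys, the /subscription path and the 64 KiB limit are assumptions made for illustration; the advisory does not publish the plugin's schema or root cause.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Subscription is a hypothetical payload; the plugin's real schema is not on this page.
type Subscription struct {
	Alias     string   `json:"alias"`
	ChannelID string   `json:"channelID"`
	Events    []string `json:"events"`
}

// decodeSubscription returns an error for oversized, malformed or incomplete bodies.
func decodeSubscription(w http.ResponseWriter, r *http.Request) (*Subscription, error) {
	dec := json.NewDecoder(http.MaxBytesReader(w, r.Body, 64<<10)) // cap at 64 KiB
	dec.DisallowUnknownFields()
	var s *Subscription // pointer target: a JSON "null" body leaves it nil
	if err := dec.Decode(&s); err != nil {
		return nil, fmt.Errorf("invalid JSON body: %w", err)
	}
	if s == nil || s.Alias == "" || s.ChannelID == "" || len(s.Events) == 0 {
		return nil, fmt.Errorf("missing required fields")
	}
	return s, nil
}

// handleCreate turns every bad body into a 400 instead of using unchecked data.
func handleCreate(w http.ResponseWriter, r *http.Request) {
	if _, err := decodeSubscription(w, r); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusCreated)
}

// status sends one constructed body through the handler and returns the status code.
func status(body string) int {
	rec := httptest.NewRecorder()
	handleCreate(rec, httptest.NewRequest(http.MethodPost, "/subscription", strings.NewReader(body)))
	return rec.Code
}

func main() {
	fmt.Println(status("null"), status("[]"), status(`{"alias":"a","channelID":"c","events":["e"]}`))
}
```

The explicit nil check matters because a body of `null` decodes without error and would otherwise hand the caller a nil pointer.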

Added: Aug 11, 2025, 7:16 PM
Updated: Aug 11, 2025, 7:16 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.