github.com/mattermost/mattermost-plugin-confluence (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/mattermost/mattermost-plugin-confluence, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (14)
CVE-2025-13523 — CVSS 7.7 (high): Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows…
CVE-2025-52931 — CVSS 7.5 (high): Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant…
CVE-2025-54525 — CVSS 7.5 (high): Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant…
CVE-2025-44004 — CVSS 7.2 (high): Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers…
CVE-2025-54478 — CVSS 7.2 (high): Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows…
CVE-2025-48731 — CVSS 6.4 (medium): Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a…
CVE-2025-53514 — CVSS 5.9 (medium): Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant…
CVE-2025-54463 — CVSS 5.9 (medium): Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant…
CVE-2025-54458 — CVSS 5.0 (medium): Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create…
CVE-2025-8285 — CVSS 4.0 (medium): Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel…
CVE-2025-44001 — CVSS 4.0 (medium): Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel…
CVE-2025-53910 — CVSS 4.0 (medium): Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel…
CVE-2025-53857 — CVSS 3.7 (low): Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel…
CVE-2025-49221 — CVSS 3.7 (low): Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows…