CVE-2025-44001: Mattermost Confluence Plugin has Missing Authorization vulnerability

August 11, 2025

Mattermost Confluence Plugin versions < 1.5.0 fail to check user access to the channel, which allows attackers to get channel subscription details without proper access to the channel via an API call to the Get Channel Subscriptions details endpoint.

References

github.com/advisories/GHSA-vpcr-fqpc-386h
github.com/mattermost/mattermost-plugin-confluence
mattermost.com/security-updates
nvd.nist.gov/vuln/detail/CVE-2025-44001

Code Behaviors & Features

Detect and mitigate CVE-2025-44001 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →