Описание
Mattermost Confluence Plugin has Missing Authorization vulnerability
Mattermost Confluence Plugin versions < 1.5.0 fail to enforce authentication of the user to the Mattermost instance, which allows unauthenticated attackers to access subscription details via an API call to the GET subscription endpoint.
Пакеты
Наименование
github.com/mattermost/mattermost-plugin-confluence
go
Затронутые версииВерсия исправления
< 1.5.0
1.5.0
Связанные уязвимости
CVSS3: 3.7
nvd
6 месяцев назад
Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via API call to GET subscription endpoint.