Upstream information
Description
Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| CVSS detail | CNA (Mattermost) | National Vulnerability Database |
|---|---|---|
| Base Score | 5.9 | 7.5 |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector | Network | Network |
| Attack Complexity | High | Low |
| Privileges Required | None | None |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality Impact | None | None |
| Integrity Impact | None | None |
| Availability Impact | High | High |
| CVSSv3 Version | 3.1 | 3.1 |
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| Image SLE-Micro-BYOS-EC2 Image SLE-Micro-EC2 |
| |
| Image SLE-Micro-BYOS Image SLE-Micro-BYOS-GCE Image SLE-Micro-GCE |
| |
| Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS-Azure |
| |
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2025-15469 |
SUSE Timeline for this CVE
CVE page created: Mon Aug 11 22:02:02 2025CVE page last modified: Sat May 9 11:34:04 2026