Closed
Advisory GHSA-3cg3-3mmr-w8hj references a vulnerability in the following Go modules:
| Module |
| --- |
| github.com/mattermost/mattermost-plugin-confluence |
Description:
Mattermost Confluence Plugin versions < 1.5.0 fail to handle unexpected request bodies, allowing attackers to crash the plugin via constant hits to the create channel subscription endpoint with an invalid request body.
References:
- ADVISORY: GHSA-3cg3-3mmr-w8hj
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-54525
- WEB: https://mattermost.com/security-updates
No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.
```yaml
id: GO-ID-PENDING
modules:
    - module: github.com/mattermost/mattermost-plugin-confluence
      versions:
        - fixed: 1.5.0
      vulnerable_at: 1.5.0-rc3
summary: Mattermost Confluence Plugin has Improper Validation of Specified Type of Input in github.com/mattermost/mattermost-plugin-confluence
cves:
    - CVE-2025-54525
ghsas:
    - GHSA-3cg3-3mmr-w8hj
references:
    - advisory: https://github.com/advisories/GHSA-3cg3-3mmr-w8hj
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-54525
    - web: https://mattermost.com/security-updates
source:
    id: GHSA-3cg3-3mmr-w8hj
    created: 2025-08-12T01:01:21.609736169Z
review_status: UNREVIEWED
```