{"id":"CVE-2025-49221","details":"Mattermost Confluence Plugin version \u003c1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via API call to GET subscription endpoint.","aliases":["GHSA-rfg4-2m63-fw2q","GO-2025-3862"],"modified":"2026-04-10T05:28:56.188807Z","published":"2025-08-11T19:15:28.100Z","related":["openSUSE-SU-2025:15469-1"],"references":[{"type":"ADVISORY","url":"https://mattermost.com/security-updates"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-49221.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.5.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}