The vulnerability, described as 'Improper Validation of Specified Type of Input', allowed attackers to crash the Mattermost Confluence plugin. My analysis of the commits between the vulnerable version and the patched version (v1.5.0) confirms this. The root cause was a lack of input validation and error handling in several key areas.
Webhook Handlers (handleConfluenceServerWebhook, handleConfluenceCloudWebhook): These endpoints were susceptible to panics. The server webhook handler didn't handle JSON unmarshalling errors, so a malformed request would crash the process. Both cloud and server webhook processing logic lacked checks for nil objects within the event payload, leading to nil pointer dereference panics when processing crafted events.
Subscription Management (handleSaveSubscription, handleEditChannelSubscription): These endpoints allowed the creation and modification of subscriptions without validating the presence of essential fields like spaceKey or pageID. This invalid data would be stored and later cause a crash when other parts of the plugin, which assumed valid data, tried to process the subscription.
The patches address these issues by:
- Adding nil checks to ensure all required objects and fields exist in webhook payloads before they are accessed.

An engineer with this CVE in their environment should understand that unauthenticated attackers can send specially crafted HTTP requests to the plugin's API endpoints to cause a denial of service by crashing the plugin repeatedly.
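As an added, defender-side illustration (this is not the plugin's own code), the shape of the checks the fix describes: decode errors and missing nested objects are rejected with HTTP 400 before any field is dereferenced, and subscription fields are validated before storage. The payload struct, its field names, the 1 MiB body cap and the subscription rule are assumptions, not taken from the plugin.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
)

// Assumed payload shape (not the plugin's types): nested pointers go nil when absent.
type Page struct{ ID string `json:"id"` }
type Space struct{ Key string `json:"key"` }
type Event struct {
	Page  *Page  `json:"page"`
	Space *Space `json:"space"`
}

// parseEvent rejects undecodable JSON and missing nested objects before any field access.
func parseEvent(r io.Reader) (*Event, error) {
	var e Event
	if err := json.NewDecoder(r).Decode(&e); err != nil {
		return nil, fmt.Errorf("malformed webhook payload: %v", err)
	}
	if e.Page == nil || e.Page.ID == "" {
		return nil, errors.New("malformed webhook payload: missing page.id")
	}
	if e.Space == nil || e.Space.Key == "" {
		return nil, errors.New("malformed webhook payload: missing space.key")
	}
	return &e, nil
}

// validateSubscription guards the subscription endpoints: fields are checked before
// storage (rule assumed: spaceKey always required, pageID only for page-scoped subs).
func validateSubscription(pageScoped bool, spaceKey, pageID string) error {
	if spaceKey == "" || (pageScoped && pageID == "") {
		return errors.New("subscription is missing spaceKey or pageID")
	}
	return nil
}

// handleWebhook answers a rejected payload with HTTP 400; body capped at 1 MiB.
func handleWebhook(w http.ResponseWriter, r *http.Request) {
	if _, err := parseEvent(io.LimitReader(r.Body, 1<<20)); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusOK)
}
```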
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/mattermost/mattermost-plugin-confluence | go | < 1.5.0 | 1.5.0 |