x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-56mc-f9w7-2wxq #3025

GoVulnBot · 2024-08-02T14:02:55Z

Advisory GHSA-56mc-f9w7-2wxq references a vulnerability in the following Go modules:

Module
github.com/mattermost/mattermost-server
github.com/mattermost/mattermost-server/v5
github.com/mattermost/mattermost-server/v6
github.com/mattermost/mattermost/server/v8

Description:
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels. which allows a malicious remote to overwrite an existing local user.

References:

ADVISORY: GHSA-56mc-f9w7-2wxq
ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-36492
WEB: https://mattermost.com/security-updates

Cross references:

github.com/mattermost/mattermost-server appears in 29 other report(s):
- data/excluded/GO-2022-0601.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-gwpf-95jc-63rv #601) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-1126.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5jph-wrq7-v9hf #1126) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-1127.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-v42f-hq78-8c5m #1127) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1710.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-3wq5-3f56-v5xc #1710) EFFECTIVELY_PRIVATE
- data/reports/GO-2024-2444.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9w97-9rqx-8v4j #2444)
- data/reports/GO-2024-2446.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h3gq-j7p9-x3p4 #2446)
- data/reports/GO-2024-2448.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-q7rx-w656-fwmv #2448)
- data/reports/GO-2024-2450.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w88v-pjr8-cmv2 #2450)
- data/reports/GO-2024-2541.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-32h7-7j94-8fc2 #2541)
- data/reports/GO-2024-2566.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r833-w756-h5p2 #2566)
- data/reports/GO-2024-2588.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3g35-v53r-gpxc #2588)
- data/reports/GO-2024-2589.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mx3-9qfh-77gj #2589)
- data/reports/GO-2024-2590.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7v3v-984v-h74r #2590)
- data/reports/GO-2024-2591.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fx48-xv6q-6gp3 #2591)
- data/reports/GO-2024-2592.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hwjf-4667-gqwx #2592)
- data/reports/GO-2024-2593.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pfw6-5rx3-xh3c #2593)
- data/reports/GO-2024-2594.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vm9m-57jr-4pxh #2594)
- data/reports/GO-2024-2595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xgxj-j98c-59rv #2595)
- data/reports/GO-2024-2635.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r4fm-g65h-cr54 #2635)
- data/reports/GO-2024-2695.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mcw6-3256-64gg #2695)
- data/reports/GO-2024-2696.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wp43-vprh-c3w5 #2696)
- data/reports/GO-2024-2706.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w67v-ph4x-f48q #2706)
- data/reports/GO-2024-2707.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xp9j-8p68-9q93 #2707)
- data/reports/GO-2024-2793.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5fh7-7mw7-mmx5 #2793)
- data/reports/GO-2024-2794.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5qx9-9ffj-5r8f #2794)
- data/reports/GO-2024-2795.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-8f99-g2pj-x8w3 #2795)
- data/reports/GO-2024-2796.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-p2wq-4ggp-45f3 #2796)
- data/reports/GO-2024-2797.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-vx97-8q8q-qgq5 #2797)
- data/reports/GO-2024-2798.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-wj37-mpq9-xrcm #2798)
github.com/mattermost/mattermost-server/v5 appears in 21 other report(s):
- data/excluded/GO-2022-0604.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-hv5f-73mr-7vvj #604) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-0616.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-qggc-pj29-j27m #616) EFFECTIVELY_PRIVATE
- data/reports/GO-2024-2444.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9w97-9rqx-8v4j #2444)
- data/reports/GO-2024-2446.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h3gq-j7p9-x3p4 #2446)
- data/reports/GO-2024-2448.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-q7rx-w656-fwmv #2448)
- data/reports/GO-2024-2450.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w88v-pjr8-cmv2 #2450)
- data/reports/GO-2024-2541.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-32h7-7j94-8fc2 #2541)
- data/reports/GO-2024-2566.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r833-w756-h5p2 #2566)
- data/reports/GO-2024-2588.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3g35-v53r-gpxc #2588)
- data/reports/GO-2024-2589.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mx3-9qfh-77gj #2589)
- data/reports/GO-2024-2590.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7v3v-984v-h74r #2590)
- data/reports/GO-2024-2591.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fx48-xv6q-6gp3 #2591)
- data/reports/GO-2024-2592.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hwjf-4667-gqwx #2592)
- data/reports/GO-2024-2593.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pfw6-5rx3-xh3c #2593)
- data/reports/GO-2024-2594.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vm9m-57jr-4pxh #2594)
- data/reports/GO-2024-2595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xgxj-j98c-59rv #2595)
- data/reports/GO-2024-2635.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r4fm-g65h-cr54 #2635)
- data/reports/GO-2024-2695.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mcw6-3256-64gg #2695)
- data/reports/GO-2024-2696.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wp43-vprh-c3w5 #2696)
- data/reports/GO-2024-2706.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w67v-ph4x-f48q #2706)
- data/reports/GO-2024-2707.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xp9j-8p68-9q93 #2707)
github.com/mattermost/mattermost-server/v6 appears in 47 other report(s):
- data/excluded/GO-2022-0540.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7ggc-5r84-xf54 #540) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-0576.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-32rp-q37p-jg6w #576) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-0595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-f37q-q7p2-ccfc #595) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-0599.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-fxwj-v664-wv5g #599) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-1028.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-m7w4-q5vg-5xfp #1028) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1711.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-63f2-6959-2pxj #1711) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1712.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-8jhh-3jf2-pfwr #1712) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1727.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-9hj7-v56g-rhf6 #1727) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1778.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7g2v-2frm-rg94 #1778) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1873.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-455c-vqrf-mghr #1873) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2007.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-6xjj-v76v-fwpj #2007) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2008.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-9rww-66w7-7vjx #2008) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2009.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-g3v6-r8p9-wxg9 #2009) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2010.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-p267-jjfq-pphf #2010) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2087.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-33r7-wjfc-7w98 #2087) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2089.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-9hwp-cj7m-wjw4 #2089) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2090.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-h69v-mvh9-hfrq #2090) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2091.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-h8wh-f7gw-fwpr #2091) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2093.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-rp65-jpc7-8h8p #2093) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2358.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-3487-3j7c-7gwj #2358) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2359.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-4ghx-8jw8-p76q #2359) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2360.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-85jj-c9jr-9jhx #2360) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2361.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-c37r-v8jx-7cv2 #2361) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2362.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-j4c3-3h73-74m9 #2362) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2363.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-jcgv-3pfq-j4hr #2363) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2364.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-jj46-9cgh-qmfx #2364) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2365.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-jjr7-372r-cx7x #2365) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2366.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-p5pr-vm3j-jxxf #2366) EFFECTIVELY_PRIVATE
- data/reports/GO-2024-2444.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9w97-9rqx-8v4j #2444)
- data/reports/GO-2024-2446.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h3gq-j7p9-x3p4 #2446)
- data/reports/GO-2024-2448.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-q7rx-w656-fwmv #2448)
- data/reports/GO-2024-2450.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w88v-pjr8-cmv2 #2450)
- data/reports/GO-2024-2541.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-32h7-7j94-8fc2 #2541)
- data/reports/GO-2024-2566.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r833-w756-h5p2 #2566)
- data/reports/GO-2024-2588.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3g35-v53r-gpxc #2588)
- data/reports/GO-2024-2589.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mx3-9qfh-77gj #2589)
- data/reports/GO-2024-2590.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7v3v-984v-h74r #2590)
- data/reports/GO-2024-2591.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fx48-xv6q-6gp3 #2591)
- data/reports/GO-2024-2592.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hwjf-4667-gqwx #2592)
- data/reports/GO-2024-2593.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pfw6-5rx3-xh3c #2593)
- data/reports/GO-2024-2594.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vm9m-57jr-4pxh #2594)
- data/reports/GO-2024-2595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xgxj-j98c-59rv #2595)
- data/reports/GO-2024-2635.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r4fm-g65h-cr54 #2635)
- data/reports/GO-2024-2695.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mcw6-3256-64gg #2695)
- data/reports/GO-2024-2696.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wp43-vprh-c3w5 #2696)
- data/reports/GO-2024-2706.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w67v-ph4x-f48q #2706)
- data/reports/GO-2024-2707.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xp9j-8p68-9q93 #2707)
github.com/mattermost/mattermost/server/v8 appears in 23 other report(s):
- data/excluded/GO-2023-2182.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r67m-mf7v-qp7j #2182) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2183.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w496-f5qq-m58j #2183) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2184.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xvq6-h898-wcj8 #2184) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2390.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-63cv-4pc2-4fcf #2390) EFFECTIVELY_PRIVATE
- data/reports/GO-2024-2444.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9w97-9rqx-8v4j #2444)
- data/reports/GO-2024-2446.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h3gq-j7p9-x3p4 #2446)
- data/reports/GO-2024-2448.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-q7rx-w656-fwmv #2448)
- data/reports/GO-2024-2450.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w88v-pjr8-cmv2 #2450)
- data/reports/GO-2024-2541.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-32h7-7j94-8fc2 #2541)
- data/reports/GO-2024-2566.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r833-w756-h5p2 #2566)
- data/reports/GO-2024-2588.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3g35-v53r-gpxc #2588)
- data/reports/GO-2024-2589.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mx3-9qfh-77gj #2589)
- data/reports/GO-2024-2590.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7v3v-984v-h74r #2590)
- data/reports/GO-2024-2591.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fx48-xv6q-6gp3 #2591)
- data/reports/GO-2024-2592.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hwjf-4667-gqwx #2592)
- data/reports/GO-2024-2593.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pfw6-5rx3-xh3c #2593)
- data/reports/GO-2024-2594.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vm9m-57jr-4pxh #2594)
- data/reports/GO-2024-2595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xgxj-j98c-59rv #2595)
- data/reports/GO-2024-2635.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r4fm-g65h-cr54 #2635)
- data/reports/GO-2024-2695.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mcw6-3256-64gg #2695)
- data/reports/GO-2024-2696.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wp43-vprh-c3w5 #2696)
- data/reports/GO-2024-2706.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w67v-ph4x-f48q #2706)
- data/reports/GO-2024-2707.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xp9j-8p68-9q93 #2707)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: 9.5.0+incompatible
        - fixed: 9.5.7+incompatible
        - introduced: 9.7.0+incompatible
        - fixed: 9.7.6+incompatible
        - introduced: 9.8.0+incompatible
        - fixed: 9.8.2+incompatible
      non_go_versions:
        - introduced: TODO (earliest fixed "9.9.1", vuln range "= 9.9.0")
      vulnerable_at: 9.8.2-rc4+incompatible
    - module: github.com/mattermost/mattermost-server/v5
      vulnerable_at: 5.39.3
    - module: github.com/mattermost/mattermost-server/v6
      vulnerable_at: 6.7.2
    - module: github.com/mattermost/mattermost/server/v8
      vulnerable_at: 8.0.0-20240802063435-f7ef0ffbc5d6
summary: |-
    Mattermost failed to disallow the modification of local users when syncing users
    in shared channels in github.com/mattermost/mattermost-server
cves:
    - CVE-2024-36492
ghsas:
    - GHSA-56mc-f9w7-2wxq
references:
    - advisory: https://github.com/advisories/GHSA-56mc-f9w7-2wxq
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-36492
    - web: https://mattermost.com/security-updates
notes:
    - fix: 'module merge error: could not merge versions of module github.com/mattermost/mattermost-server: invalid or non-canonical semver version (found TODO (earliest fixed "9.9.1", vuln range "= 9.9.0"))'
source:
    id: GHSA-56mc-f9w7-2wxq
    created: 2024-08-02T14:02:55.425517028Z
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-08-06T22:19:01Z

Change https://go.dev/cl/603715 mentions this issue: data/reports: add 20 unreviewed reports

gopherbot · 2024-08-06T22:32:22Z

Change https://go.dev/cl/603716 mentions this issue: data/reports: add 19 unreviewed reports

tatianab added the triaged label Aug 3, 2024

gopherbot closed this as completed in 1be2c0b Aug 6, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-56mc-f9w7-2wxq #3025

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-56mc-f9w7-2wxq #3025

GoVulnBot commented Aug 2, 2024

gopherbot commented Aug 6, 2024

gopherbot commented Aug 6, 2024

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-56mc-f9w7-2wxq #3025

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-56mc-f9w7-2wxq #3025

Comments

GoVulnBot commented Aug 2, 2024

gopherbot commented Aug 6, 2024

gopherbot commented Aug 6, 2024