x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-c6vp-jjgv-38wj #3096

GoVulnBot · 2024-08-23T22:02:55Z

Advisory GHSA-c6vp-jjgv-38wj references a vulnerability in the following Go modules:

Module
github.com/mattermost/mattermost-server
github.com/mattermost/mattermost-server/v5
github.com/mattermost/mattermost-server/v6
github.com/mattermost/mattermost/server/v8

Description:
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset passwords, when they are valid, functional emails.

References:

ADVISORY: GHSA-c6vp-jjgv-38wj
ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-39836
WEB: https://mattermost.com/security-updates

Cross references:

github.com/mattermost/mattermost-server appears in 45 other report(s):
- data/excluded/GO-2022-0601.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-gwpf-95jc-63rv #601) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-1126.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5jph-wrq7-v9hf #1126) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-1127.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-v42f-hq78-8c5m #1127) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1710.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-3wq5-3f56-v5xc #1710) EFFECTIVELY_PRIVATE
- data/reports/GO-2022-0540.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7ggc-5r84-xf54 #540)
- data/reports/GO-2022-0576.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-32rp-q37p-jg6w #576)
- data/reports/GO-2022-0595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-f37q-q7p2-ccfc #595)
- data/reports/GO-2022-0599.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-fxwj-v664-wv5g #599)
- data/reports/GO-2022-0604.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-hv5f-73mr-7vvj #604)
- data/reports/GO-2022-0616.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-qggc-pj29-j27m #616)
- data/reports/GO-2023-1939.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost: GHSA-j2h2-cvwh-cr64 #1939)
- data/reports/GO-2024-2444.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9w97-9rqx-8v4j #2444)
- data/reports/GO-2024-2446.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h3gq-j7p9-x3p4 #2446)
- data/reports/GO-2024-2448.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-q7rx-w656-fwmv #2448)
- data/reports/GO-2024-2450.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w88v-pjr8-cmv2 #2450)
- data/reports/GO-2024-2541.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-32h7-7j94-8fc2 #2541)
- data/reports/GO-2024-2566.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r833-w756-h5p2 #2566)
- data/reports/GO-2024-2588.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3g35-v53r-gpxc #2588)
- data/reports/GO-2024-2589.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mx3-9qfh-77gj #2589)
- data/reports/GO-2024-2590.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7v3v-984v-h74r #2590)
- data/reports/GO-2024-2591.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fx48-xv6q-6gp3 #2591)
- data/reports/GO-2024-2592.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hwjf-4667-gqwx #2592)
- data/reports/GO-2024-2593.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pfw6-5rx3-xh3c #2593)
- data/reports/GO-2024-2594.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vm9m-57jr-4pxh #2594)
- data/reports/GO-2024-2595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xgxj-j98c-59rv #2595)
- data/reports/GO-2024-2635.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r4fm-g65h-cr54 #2635)
- data/reports/GO-2024-2695.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mcw6-3256-64gg #2695)
- data/reports/GO-2024-2696.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wp43-vprh-c3w5 #2696)
- data/reports/GO-2024-2706.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w67v-ph4x-f48q #2706)
- data/reports/GO-2024-2707.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xp9j-8p68-9q93 #2707)
- data/reports/GO-2024-2793.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5fh7-7mw7-mmx5 #2793)
- data/reports/GO-2024-2794.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5qx9-9ffj-5r8f #2794)
- data/reports/GO-2024-2795.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-8f99-g2pj-x8w3 #2795)
- data/reports/GO-2024-2796.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-p2wq-4ggp-45f3 #2796)
- data/reports/GO-2024-2797.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-vx97-8q8q-qgq5 #2797)
- data/reports/GO-2024-2798.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-wj37-mpq9-xrcm #2798)
- data/reports/GO-2024-3020.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762m-4cx6-6mf4 #3020)
- data/reports/GO-2024-3022.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9fpw-c9x7-cv3j #3022)
- data/reports/GO-2024-3023.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg67-chm7-8m3j #3023)
- data/reports/GO-2024-3024.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg6q-84p8-qvqh #3024)
- data/reports/GO-2024-3025.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-56mc-f9w7-2wxq #3025)
- data/reports/GO-2024-3028.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-cmc8-222c-vqp9 #3028)
- data/reports/GO-2024-3030.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jq3g-xqpx-37x3 #3030)
- data/reports/GO-2024-3031.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jr9x-3x7m-4j75 #3031)
- data/reports/GO-2024-3032.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vvpg-55p7-5h8w #3032)
github.com/mattermost/mattermost-server/v5 appears in 35 other report(s):
- data/reports/GO-2022-0540.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7ggc-5r84-xf54 #540)
- data/reports/GO-2022-0576.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-32rp-q37p-jg6w #576)
- data/reports/GO-2022-0595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-f37q-q7p2-ccfc #595)
- data/reports/GO-2022-0599.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-fxwj-v664-wv5g #599)
- data/reports/GO-2022-0604.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-hv5f-73mr-7vvj #604)
- data/reports/GO-2022-0616.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-qggc-pj29-j27m #616)
- data/reports/GO-2023-1939.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost: GHSA-j2h2-cvwh-cr64 #1939)
- data/reports/GO-2024-2444.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9w97-9rqx-8v4j #2444)
- data/reports/GO-2024-2446.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h3gq-j7p9-x3p4 #2446)
- data/reports/GO-2024-2448.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-q7rx-w656-fwmv #2448)
- data/reports/GO-2024-2450.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w88v-pjr8-cmv2 #2450)
- data/reports/GO-2024-2541.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-32h7-7j94-8fc2 #2541)
- data/reports/GO-2024-2566.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r833-w756-h5p2 #2566)
- data/reports/GO-2024-2588.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3g35-v53r-gpxc #2588)
- data/reports/GO-2024-2589.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mx3-9qfh-77gj #2589)
- data/reports/GO-2024-2590.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7v3v-984v-h74r #2590)
- data/reports/GO-2024-2591.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fx48-xv6q-6gp3 #2591)
- data/reports/GO-2024-2592.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hwjf-4667-gqwx #2592)
- data/reports/GO-2024-2593.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pfw6-5rx3-xh3c #2593)
- data/reports/GO-2024-2594.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vm9m-57jr-4pxh #2594)
- data/reports/GO-2024-2595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xgxj-j98c-59rv #2595)
- data/reports/GO-2024-2635.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r4fm-g65h-cr54 #2635)
- data/reports/GO-2024-2695.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mcw6-3256-64gg #2695)
- data/reports/GO-2024-2696.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wp43-vprh-c3w5 #2696)
- data/reports/GO-2024-2706.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w67v-ph4x-f48q #2706)
- data/reports/GO-2024-2707.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xp9j-8p68-9q93 #2707)
- data/reports/GO-2024-3020.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762m-4cx6-6mf4 #3020)
- data/reports/GO-2024-3022.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9fpw-c9x7-cv3j #3022)
- data/reports/GO-2024-3023.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg67-chm7-8m3j #3023)
- data/reports/GO-2024-3024.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg6q-84p8-qvqh #3024)
- data/reports/GO-2024-3025.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-56mc-f9w7-2wxq #3025)
- data/reports/GO-2024-3028.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-cmc8-222c-vqp9 #3028)
- data/reports/GO-2024-3030.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jq3g-xqpx-37x3 #3030)
- data/reports/GO-2024-3031.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jr9x-3x7m-4j75 #3031)
- data/reports/GO-2024-3032.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vvpg-55p7-5h8w #3032)
github.com/mattermost/mattermost-server/v6 appears in 57 other report(s):
- data/excluded/GO-2022-1028.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-m7w4-q5vg-5xfp #1028) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1711.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-63f2-6959-2pxj #1711) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1712.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-8jhh-3jf2-pfwr #1712) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1727.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-9hj7-v56g-rhf6 #1727) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1778.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7g2v-2frm-rg94 #1778) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1873.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-455c-vqrf-mghr #1873) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2007.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-6xjj-v76v-fwpj #2007) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2008.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-9rww-66w7-7vjx #2008) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2009.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-g3v6-r8p9-wxg9 #2009) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2010.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-p267-jjfq-pphf #2010) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2087.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-33r7-wjfc-7w98 #2087) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2089.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-9hwp-cj7m-wjw4 #2089) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2090.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-h69v-mvh9-hfrq #2090) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2091.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-h8wh-f7gw-fwpr #2091) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2093.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-rp65-jpc7-8h8p #2093) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2358.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-3487-3j7c-7gwj #2358) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2359.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-4ghx-8jw8-p76q #2359) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2360.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-85jj-c9jr-9jhx #2360) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2361.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-c37r-v8jx-7cv2 #2361) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2362.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-j4c3-3h73-74m9 #2362) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2363.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-jcgv-3pfq-j4hr #2363) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2364.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-jj46-9cgh-qmfx #2364) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2365.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-jjr7-372r-cx7x #2365) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2366.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-p5pr-vm3j-jxxf #2366) EFFECTIVELY_PRIVATE
- data/reports/GO-2022-0540.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7ggc-5r84-xf54 #540)
- data/reports/GO-2022-0576.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-32rp-q37p-jg6w #576)
- data/reports/GO-2022-0595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-f37q-q7p2-ccfc #595)
- data/reports/GO-2022-0599.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-fxwj-v664-wv5g #599)
- data/reports/GO-2022-0616.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-qggc-pj29-j27m #616)
- data/reports/GO-2024-2444.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9w97-9rqx-8v4j #2444)
- data/reports/GO-2024-2446.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h3gq-j7p9-x3p4 #2446)
- data/reports/GO-2024-2448.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-q7rx-w656-fwmv #2448)
- data/reports/GO-2024-2450.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w88v-pjr8-cmv2 #2450)
- data/reports/GO-2024-2541.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-32h7-7j94-8fc2 #2541)
- data/reports/GO-2024-2566.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r833-w756-h5p2 #2566)
- data/reports/GO-2024-2588.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3g35-v53r-gpxc #2588)
- data/reports/GO-2024-2589.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mx3-9qfh-77gj #2589)
- data/reports/GO-2024-2590.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7v3v-984v-h74r #2590)
- data/reports/GO-2024-2591.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fx48-xv6q-6gp3 #2591)
- data/reports/GO-2024-2592.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hwjf-4667-gqwx #2592)
- data/reports/GO-2024-2593.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pfw6-5rx3-xh3c #2593)
- data/reports/GO-2024-2594.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vm9m-57jr-4pxh #2594)
- data/reports/GO-2024-2595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xgxj-j98c-59rv #2595)
- data/reports/GO-2024-2635.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r4fm-g65h-cr54 #2635)
- data/reports/GO-2024-2695.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mcw6-3256-64gg #2695)
- data/reports/GO-2024-2696.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wp43-vprh-c3w5 #2696)
- data/reports/GO-2024-2706.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w67v-ph4x-f48q #2706)
- data/reports/GO-2024-2707.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xp9j-8p68-9q93 #2707)
- data/reports/GO-2024-3020.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762m-4cx6-6mf4 #3020)
- data/reports/GO-2024-3022.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9fpw-c9x7-cv3j #3022)
- data/reports/GO-2024-3023.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg67-chm7-8m3j #3023)
- data/reports/GO-2024-3024.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg6q-84p8-qvqh #3024)
- data/reports/GO-2024-3025.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-56mc-f9w7-2wxq #3025)
- data/reports/GO-2024-3028.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-cmc8-222c-vqp9 #3028)
- data/reports/GO-2024-3030.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jq3g-xqpx-37x3 #3030)
- data/reports/GO-2024-3031.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jr9x-3x7m-4j75 #3031)
- data/reports/GO-2024-3032.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vvpg-55p7-5h8w #3032)
github.com/mattermost/mattermost/server/v8 appears in 32 other report(s):
- data/excluded/GO-2023-2182.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r67m-mf7v-qp7j #2182) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2183.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w496-f5qq-m58j #2183) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2184.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xvq6-h898-wcj8 #2184) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2390.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-63cv-4pc2-4fcf #2390) EFFECTIVELY_PRIVATE
- data/reports/GO-2024-2444.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9w97-9rqx-8v4j #2444)
- data/reports/GO-2024-2446.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h3gq-j7p9-x3p4 #2446)
- data/reports/GO-2024-2448.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-q7rx-w656-fwmv #2448)
- data/reports/GO-2024-2450.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w88v-pjr8-cmv2 #2450)
- data/reports/GO-2024-2541.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-32h7-7j94-8fc2 #2541)
- data/reports/GO-2024-2566.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r833-w756-h5p2 #2566)
- data/reports/GO-2024-2588.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3g35-v53r-gpxc #2588)
- data/reports/GO-2024-2589.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mx3-9qfh-77gj #2589)
- data/reports/GO-2024-2590.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7v3v-984v-h74r #2590)
- data/reports/GO-2024-2591.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fx48-xv6q-6gp3 #2591)
- data/reports/GO-2024-2592.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hwjf-4667-gqwx #2592)
- data/reports/GO-2024-2593.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pfw6-5rx3-xh3c #2593)
- data/reports/GO-2024-2594.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vm9m-57jr-4pxh #2594)
- data/reports/GO-2024-2595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xgxj-j98c-59rv #2595)
- data/reports/GO-2024-2635.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r4fm-g65h-cr54 #2635)
- data/reports/GO-2024-2695.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mcw6-3256-64gg #2695)
- data/reports/GO-2024-2696.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wp43-vprh-c3w5 #2696)
- data/reports/GO-2024-2706.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w67v-ph4x-f48q #2706)
- data/reports/GO-2024-2707.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xp9j-8p68-9q93 #2707)
- data/reports/GO-2024-3020.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762m-4cx6-6mf4 #3020)
- data/reports/GO-2024-3022.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9fpw-c9x7-cv3j #3022)
- data/reports/GO-2024-3023.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg67-chm7-8m3j #3023)
- data/reports/GO-2024-3024.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg6q-84p8-qvqh #3024)
- data/reports/GO-2024-3025.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-56mc-f9w7-2wxq #3025)
- data/reports/GO-2024-3028.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-cmc8-222c-vqp9 #3028)
- data/reports/GO-2024-3030.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jq3g-xqpx-37x3 #3030)
- data/reports/GO-2024-3031.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jr9x-3x7m-4j75 #3031)
- data/reports/GO-2024-3032.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vvpg-55p7-5h8w #3032)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: 9.5.0+incompatible
        - fixed: 9.5.8+incompatible
        - introduced: 9.8.0+incompatible
        - fixed: 9.8.3+incompatible
        - introduced: 9.9.0+incompatible
        - fixed: 9.9.2+incompatible
        - introduced: 9.10.0+incompatible
        - fixed: 9.10.1+incompatible
      vulnerable_at: 9.10.1-rc3+incompatible
    - module: github.com/mattermost/mattermost-server/v5
      vulnerable_at: 5.39.3
    - module: github.com/mattermost/mattermost-server/v6
      vulnerable_at: 6.7.2
    - module: github.com/mattermost/mattermost/server/v8
      vulnerable_at: 8.0.0-20240823183705-f7b7a037ca95
summary: Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server
cves:
    - CVE-2024-39836
ghsas:
    - GHSA-c6vp-jjgv-38wj
references:
    - advisory: https://github.com/advisories/GHSA-c6vp-jjgv-38wj
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-39836
    - web: https://mattermost.com/security-updates
source:
    id: GHSA-c6vp-jjgv-38wj
    created: 2024-08-23T22:02:55.167098934Z
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-08-30T16:04:03Z

Change https://go.dev/cl/609141 mentions this issue: data/reports: add 21 unreviewed reports

tatianab added the triaged label Aug 30, 2024

gopherbot closed this as completed in fe86cd7 Aug 30, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-c6vp-jjgv-38wj #3096

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-c6vp-jjgv-38wj #3096

GoVulnBot commented Aug 23, 2024

gopherbot commented Aug 30, 2024

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-c6vp-jjgv-38wj #3096

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-c6vp-jjgv-38wj #3096

Comments

GoVulnBot commented Aug 23, 2024

gopherbot commented Aug 30, 2024