x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-p267-jjfq-pphf #2010

GoVulnBot · 2023-08-11T22:01:20Z

In GitHub Security Advisory GHSA-p267-jjfq-pphf, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/mattermost/mattermost-server/v6	7.8.8	<= 7.8.7

Cross references:

Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7ggc-5r84-xf54 #540 EFFECTIVELY_PRIVATE
Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-32rp-q37p-jg6w #576 EFFECTIVELY_PRIVATE
Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-f37q-q7p2-ccfc #595 EFFECTIVELY_PRIVATE
Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-fxwj-v664-wv5g #599 EFFECTIVELY_PRIVATE
Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-m7w4-q5vg-5xfp #1028 EFFECTIVELY_PRIVATE
Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-63f2-6959-2pxj #1711 EFFECTIVELY_PRIVATE
Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-8jhh-3jf2-pfwr #1712 EFFECTIVELY_PRIVATE
Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-9hj7-v56g-rhf6 #1727 EFFECTIVELY_PRIVATE
Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7g2v-2frm-rg94 #1778 EFFECTIVELY_PRIVATE
Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-455c-vqrf-mghr #1873 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/mattermost/mattermost-server/v6
      versions:
        - introduced: TODO (earliest fixed "7.8.8", vuln range "<= 7.8.7")
      vulnerable_at: 6.7.2
      packages:
        - package: github.com/mattermost/mattermost-server/v6
    - module: github.com/mattermost/mattermost-server/v6
      versions:
        - introduced: TODO (earliest fixed "7.10.4", vuln range ">= 7.10.0, <= 7.10.3")
      vulnerable_at: 6.7.2
      packages:
        - package: github.com/mattermost/mattermost-server/v6
    - module: github.com/mattermost/mattermost-server/v6
      versions:
        - introduced: TODO (earliest fixed "7.9.6", vuln range ">= 7.9.0, <= 7.9.5")
      vulnerable_at: 6.7.2
      packages:
        - package: github.com/mattermost/mattermost-server/v6
summary: |-
    Mattermost fails to check if user is a guest before performing actions on public
    playbooks
description: |-
    Mattermost fails to check if the requesting user is a guest before performing
    different actions to public playbooks, resulting a guest being able to view,
    join, edit, export and archive public playbooks.
cves:
    - CVE-2023-4106
ghsas:
    - GHSA-p267-jjfq-pphf
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-4106
    - web: https://mattermost.com/security-updates
    - advisory: https://github.com/advisories/GHSA-p267-jjfq-pphf

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-08-24T16:48:44Z

Change https://go.dev/cl/522555 mentions this issue: data/excluded: batch add 11 excluded reports

gopherbot · 2024-06-14T17:50:12Z

Change https://go.dev/cl/592762 mentions this issue: data/reports: unexclude 75 reports

maceonthompson self-assigned this Aug 23, 2023

maceonthompson added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Aug 23, 2023

gopherbot closed this as completed in 7fdbb06 Aug 24, 2023

GoVulnBot mentioned this issue Jan 3, 2024

x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-q7rx-w656-fwmv #2448

Closed

GoVulnBot mentioned this issue Aug 22, 2024

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-2jhx-w3vc-w59g #3089

Closed

GoVulnBot mentioned this issue Sep 27, 2024

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-59hf-mpf8-pqjh #3164

Closed

GoVulnBot mentioned this issue Jan 17, 2025

x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w6xh-c82w-h997 #3407

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-p267-jjfq-pphf #2010

x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-p267-jjfq-pphf #2010

GoVulnBot commented Aug 11, 2023

gopherbot commented Aug 24, 2023

gopherbot commented Jun 14, 2024

x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-p267-jjfq-pphf #2010

x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-p267-jjfq-pphf #2010

Comments

GoVulnBot commented Aug 11, 2023

gopherbot commented Aug 24, 2023

gopherbot commented Jun 14, 2024