x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r67m-mf7v-qp7j

[GoVulnBot]

In GitHub Security Advisory GHSA-r67m-mf7v-qp7j, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/mattermost/mattermost/server/v8	9.0.1	= 9.0.0

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/mattermost/mattermost/server/v8
      versions:
        - introduced: TODO (earliest fixed "9.0.1", vuln range "= 9.0.0")
      packages:
        - package: github.com/mattermost/mattermost/server/v8
    - module: github.com/mattermost/mattermost/server/v8
      versions:
        - introduced: 8.1.0
          fixed: 8.1.3
      packages:
        - package: github.com/mattermost/mattermost/server/v8
    - module: github.com/mattermost/mattermost/server/v8
      versions:
        - introduced: 8.0.0
          fixed: 8.0.4
      packages:
        - package: github.com/mattermost/mattermost/server/v8
    - module: github.com/mattermost/mattermost/server/v8
      versions:
        - fixed: 7.8.12
      packages:
        - package: github.com/mattermost/mattermost-server/v6
summary: Mattermost password hash disclosure vulnerability
cves:
    - CVE-2023-5968
ghsas:
    - GHSA-r67m-mf7v-qp7j
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-5968
    - web: https://mattermost.com/security-updates
    - advisory: https://github.com/advisories/GHSA-r67m-mf7v-qp7j

[zpavlinovic]

Vulnerability in tool. No packages seem to be imported.

[gopherbot]

Change https://go.dev/cl/540875 mentions this issue: data/excluded: batch add 3 excluded reports

[gopherbot]

Change https://go.dev/cl/592763 mentions this issue: data/reports: unexclude 75 reports