data/reports: add 5 reports - data/reports/GO-2025-3724.yaml - data/reports/GO-2025-3728.yaml - data/reports/GO-2025-3729.yaml - data/reports/GO-2025-3730.yaml - data/reports/GO-2025-3731.yaml Fixes golang/vulndb#3724 Fixes golang/vulndb#3728 Fixes golang/vulndb#3729 Fixes golang/vulndb#3730 Fixes golang/vulndb#3731 Change-Id: I4a8fc2991f2d971cec8ae1831e4791388cb4da9a Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/678496 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Neal Patel <nealpatel@google.com> Reviewed-by: Damien Neil <dneil@google.com>
diff --git a/data/osv/GO-2025-3724.json b/data/osv/GO-2025-3724.json new file mode 100644 index 0000000..ab4961f --- /dev/null +++ b/data/osv/GO-2025-3724.json
@@ -0,0 +1,128 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2025-3724", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2025-3913", + "GHSA-4mmr-2w8p-whcr" + ], + "summary": "Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server", + "details": "Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server", + "affected": [ + { + "package": { + "name": "github.com/mattermost/mattermost-server", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "9.0.0-rc1+incompatible" + }, + { + "fixed": "9.11.13+incompatible" + }, + { + "introduced": "10.5.0-rc1+incompatible" + }, + { + "fixed": "10.5.4+incompatible" + }, + { + "introduced": "10.6.0-rc1+incompatible" + }, + { + "fixed": "10.6.3+incompatible" + }, + { + "introduced": "10.7.0-rc1+incompatible" + }, + { + "fixed": "10.7.1+incompatible" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v5", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v6", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost/server/v8", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "8.0.0-20250412152950-02c76784380a" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-4mmr-2w8p-whcr" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3913" + }, + { + "type": "WEB", + "url": "https://github.com/mattermost/mattermost/commit/02c76784380acb6802601bd24c205553b9a5a1be" + }, + { + "type": "WEB", + "url": "https://mattermost.com/security-updates" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2025-3724", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file
diff --git a/data/osv/GO-2025-3728.json b/data/osv/GO-2025-3728.json new file mode 100644 index 0000000..6f6af8d --- /dev/null +++ b/data/osv/GO-2025-3728.json
@@ -0,0 +1,122 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2025-3728", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2025-3611", + "GHSA-86jg-35xj-3vv5" + ], + "summary": "Mattermost fails to properly enforce access control restrictions for System Manager roles in github.com/mattermost/mattermost-server", + "details": "Mattermost fails to properly enforce access control restrictions for System Manager roles in github.com/mattermost/mattermost-server", + "affected": [ + { + "package": { + "name": "github.com/mattermost/mattermost-server", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "9.0.0-rc1+incompatible" + }, + { + "fixed": "9.11.13+incompatible" + }, + { + "introduced": "10.0.0-rc1+incompatible" + }, + { + "fixed": "10.5.4+incompatible" + }, + { + "introduced": "10.6.0-rc1+incompatible" + }, + { + "fixed": "10.7.1+incompatible" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v5", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v6", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost/server/v8", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "8.0.0-20250414154356-6f33b721de76" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-86jg-35xj-3vv5" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3611" + }, + { + "type": "WEB", + "url": "https://github.com/mattermost/mattermost/commit/6f33b721de76b39a7714bfe0d5e9c1306869a3e3" + }, + { + "type": "WEB", + "url": "https://mattermost.com/security-updates" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2025-3728", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file
diff --git a/data/osv/GO-2025-3729.json b/data/osv/GO-2025-3729.json new file mode 100644 index 0000000..b107117 --- /dev/null +++ b/data/osv/GO-2025-3729.json
@@ -0,0 +1,128 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2025-3729", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2025-2571", + "GHSA-8cgx-9ccj-3gwr" + ], + "summary": "Mattermost fails to clear Google OAuth credentials in github.com/mattermost/mattermost-server", + "details": "Mattermost fails to clear Google OAuth credentials in github.com/mattermost/mattermost-server", + "affected": [ + { + "package": { + "name": "github.com/mattermost/mattermost-server", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "9.0.0-rc1+incompatible" + }, + { + "fixed": "9.11.13+incompatible" + }, + { + "introduced": "10.0.0-rc1+incompatible" + }, + { + "fixed": "10.5.4+incompatible" + }, + { + "introduced": "10.6.0-rc1+incompatible" + }, + { + "fixed": "10.6.3+incompatible" + }, + { + "introduced": "10.7.0-rc1+incompatible" + }, + { + "fixed": "10.7.1+incompatible" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v5", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v6", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost/server/v8", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "8.0.0-20250414095146-04676582cdd2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-8cgx-9ccj-3gwr" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2571" + }, + { + "type": "WEB", + "url": "https://github.com/mattermost/mattermost/commit/04676582cdd26f4fdfa78fcf60a7f8745e6b27f5" + }, + { + "type": "WEB", + "url": "https://mattermost.com/security-updates" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2025-3729", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file
diff --git a/data/osv/GO-2025-3730.json b/data/osv/GO-2025-3730.json new file mode 100644 index 0000000..c289465 --- /dev/null +++ b/data/osv/GO-2025-3730.json
@@ -0,0 +1,122 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2025-3730", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2025-1792", + "GHSA-hc6v-386m-93pq" + ], + "summary": "Mattermost fails to properly enforce access controls for guest users in github.com/mattermost/mattermost-server", + "details": "Mattermost fails to properly enforce access controls for guest users in github.com/mattermost/mattermost-server", + "affected": [ + { + "package": { + "name": "github.com/mattermost/mattermost-server", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "9.0.0-rc1+incompatible" + }, + { + "fixed": "9.11.13+incompatible" + }, + { + "introduced": "10.0.0-rc1+incompatible" + }, + { + "fixed": "10.5.4+incompatible" + }, + { + "introduced": "10.6.0-rc1+incompatible" + }, + { + "fixed": "10.7.1+incompatible" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v5", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v6", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost/server/v8", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "8.0.0-20250414110750-c23f44fe8ed0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-hc6v-386m-93pq" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1792" + }, + { + "type": "WEB", + "url": "https://github.com/mattermost/mattermost/commit/c23f44fe8ed02f71d506f99adc30ad34c58c89d1" + }, + { + "type": "WEB", + "url": "https://mattermost.com/security-updates" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2025-3730", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file
diff --git a/data/osv/GO-2025-3731.json b/data/osv/GO-2025-3731.json new file mode 100644 index 0000000..64f78ca --- /dev/null +++ b/data/osv/GO-2025-3731.json
@@ -0,0 +1,128 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2025-3731", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2025-3230", + "GHSA-mc2f-jgj6-6cp3" + ], + "summary": "Mattermost fails to properly invalidate personal access tokens upon user deactivation in github.com/mattermost/mattermost-server", + "details": "Mattermost fails to properly invalidate personal access tokens upon user deactivation in github.com/mattermost/mattermost-server", + "affected": [ + { + "package": { + "name": "github.com/mattermost/mattermost-server", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "9.0.0-rc1+incompatible" + }, + { + "fixed": "9.11.13+incompatible" + }, + { + "introduced": "10.0.0-rc1+incompatible" + }, + { + "fixed": "10.5.4+incompatible" + }, + { + "introduced": "10.6.0-rc1+incompatible" + }, + { + "fixed": "10.6.3+incompatible" + }, + { + "introduced": "10.7.0-rc1+incompatible" + }, + { + "fixed": "10.7.1+incompatible" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v5", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost-server/v6", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/mattermost/mattermost/server/v8", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "8.0.0-20250402193107-65343f84a783" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-mc2f-jgj6-6cp3" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3230" + }, + { + "type": "WEB", + "url": "https://github.com/mattermost/mattermost/commit/65343f84a7830fa8078fe3df879fca924e4fac01" + }, + { + "type": "WEB", + "url": "https://mattermost.com/security-updates" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2025-3731", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file
diff --git a/data/reports/GO-2025-3724.yaml b/data/reports/GO-2025-3724.yaml new file mode 100644 index 0000000..6be919c --- /dev/null +++ b/data/reports/GO-2025-3724.yaml
@@ -0,0 +1,36 @@ +id: GO-2025-3724 +modules: + - module: github.com/mattermost/mattermost-server + versions: + - introduced: 9.0.0-rc1+incompatible + - fixed: 9.11.13+incompatible + - introduced: 10.5.0-rc1+incompatible + - fixed: 10.5.4+incompatible + - introduced: 10.6.0-rc1+incompatible + - fixed: 10.6.3+incompatible + - introduced: 10.7.0-rc1+incompatible + - fixed: 10.7.1+incompatible + vulnerable_at: 10.7.0+incompatible + - module: github.com/mattermost/mattermost-server/v5 + vulnerable_at: 5.39.3 + - module: github.com/mattermost/mattermost-server/v6 + vulnerable_at: 6.7.2 + - module: github.com/mattermost/mattermost/server/v8 + versions: + - fixed: 8.0.0-20250412152950-02c76784380a +summary: Mattermost improperly allows team administrators to modify team invites in github.com/mattermost/mattermost-server +cves: + - CVE-2025-3913 +ghsas: + - GHSA-4mmr-2w8p-whcr +references: + - advisory: https://github.com/advisories/GHSA-4mmr-2w8p-whcr + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-3913 + - web: https://github.com/mattermost/mattermost/commit/02c76784380acb6802601bd24c205553b9a5a1be + - web: https://mattermost.com/security-updates +notes: + - fix: 'github.com/mattermost/mattermost/server/v8: could not add vulnerable_at: could not find tagged version between introduced and fixed' +source: + id: GHSA-4mmr-2w8p-whcr + created: 2025-06-03T13:39:33.308212-04:00 +review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3728.yaml b/data/reports/GO-2025-3728.yaml new file mode 100644 index 0000000..e277b33 --- /dev/null +++ b/data/reports/GO-2025-3728.yaml
@@ -0,0 +1,36 @@ +id: GO-2025-3728 +modules: + - module: github.com/mattermost/mattermost-server + versions: + - introduced: 9.0.0-rc1+incompatible + - fixed: 9.11.13+incompatible + - introduced: 10.0.0-rc1+incompatible + - fixed: 10.5.4+incompatible + - introduced: 10.6.0-rc1+incompatible + - fixed: 10.7.1+incompatible + vulnerable_at: 10.7.0+incompatible + - module: github.com/mattermost/mattermost-server/v5 + vulnerable_at: 5.39.3 + - module: github.com/mattermost/mattermost-server/v6 + vulnerable_at: 6.7.2 + - module: github.com/mattermost/mattermost/server/v8 + versions: + - fixed: 8.0.0-20250414154356-6f33b721de76 +summary: |- + Mattermost fails to properly enforce access control restrictions for System + Manager roles in github.com/mattermost/mattermost-server +cves: + - CVE-2025-3611 +ghsas: + - GHSA-86jg-35xj-3vv5 +references: + - advisory: https://github.com/advisories/GHSA-86jg-35xj-3vv5 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-3611 + - web: https://github.com/mattermost/mattermost/commit/6f33b721de76b39a7714bfe0d5e9c1306869a3e3 + - web: https://mattermost.com/security-updates +notes: + - fix: 'github.com/mattermost/mattermost/server/v8: could not add vulnerable_at: could not find tagged version between introduced and fixed' +source: + id: GHSA-86jg-35xj-3vv5 + created: 2025-06-03T13:39:42.915668-04:00 +review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3729.yaml b/data/reports/GO-2025-3729.yaml new file mode 100644 index 0000000..4c53cda --- /dev/null +++ b/data/reports/GO-2025-3729.yaml
@@ -0,0 +1,36 @@ +id: GO-2025-3729 +modules: + - module: github.com/mattermost/mattermost-server + versions: + - introduced: 9.0.0-rc1+incompatible + - fixed: 9.11.13+incompatible + - introduced: 10.0.0-rc1+incompatible + - fixed: 10.5.4+incompatible + - introduced: 10.6.0-rc1+incompatible + - fixed: 10.6.3+incompatible + - introduced: 10.7.0-rc1+incompatible + - fixed: 10.7.1+incompatible + vulnerable_at: 10.7.0+incompatible + - module: github.com/mattermost/mattermost-server/v5 + vulnerable_at: 5.39.3 + - module: github.com/mattermost/mattermost-server/v6 + vulnerable_at: 6.7.2 + - module: github.com/mattermost/mattermost/server/v8 + versions: + - fixed: 8.0.0-20250414095146-04676582cdd2 +summary: Mattermost fails to clear Google OAuth credentials in github.com/mattermost/mattermost-server +cves: + - CVE-2025-2571 +ghsas: + - GHSA-8cgx-9ccj-3gwr +references: + - advisory: https://github.com/advisories/GHSA-8cgx-9ccj-3gwr + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-2571 + - web: https://github.com/mattermost/mattermost/commit/04676582cdd26f4fdfa78fcf60a7f8745e6b27f5 + - web: https://mattermost.com/security-updates +notes: + - fix: 'github.com/mattermost/mattermost/server/v8: could not add vulnerable_at: could not find tagged version between introduced and fixed' +source: + id: GHSA-8cgx-9ccj-3gwr + created: 2025-06-03T13:39:48.975074-04:00 +review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3730.yaml b/data/reports/GO-2025-3730.yaml new file mode 100644 index 0000000..e49e466 --- /dev/null +++ b/data/reports/GO-2025-3730.yaml
@@ -0,0 +1,34 @@ +id: GO-2025-3730 +modules: + - module: github.com/mattermost/mattermost-server + versions: + - introduced: 9.0.0-rc1+incompatible + - fixed: 9.11.13+incompatible + - introduced: 10.0.0-rc1+incompatible + - fixed: 10.5.4+incompatible + - introduced: 10.6.0-rc1+incompatible + - fixed: 10.7.1+incompatible + vulnerable_at: 10.7.0+incompatible + - module: github.com/mattermost/mattermost-server/v5 + vulnerable_at: 5.39.3 + - module: github.com/mattermost/mattermost-server/v6 + vulnerable_at: 6.7.2 + - module: github.com/mattermost/mattermost/server/v8 + versions: + - fixed: 8.0.0-20250414110750-c23f44fe8ed0 +summary: Mattermost fails to properly enforce access controls for guest users in github.com/mattermost/mattermost-server +cves: + - CVE-2025-1792 +ghsas: + - GHSA-hc6v-386m-93pq +references: + - advisory: https://github.com/advisories/GHSA-hc6v-386m-93pq + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-1792 + - web: https://github.com/mattermost/mattermost/commit/c23f44fe8ed02f71d506f99adc30ad34c58c89d1 + - web: https://mattermost.com/security-updates +notes: + - fix: 'github.com/mattermost/mattermost/server/v8: could not add vulnerable_at: could not find tagged version between introduced and fixed' +source: + id: GHSA-hc6v-386m-93pq + created: 2025-06-03T13:39:54.790032-04:00 +review_status: UNREVIEWED
diff --git a/data/reports/GO-2025-3731.yaml b/data/reports/GO-2025-3731.yaml new file mode 100644 index 0000000..c33604e --- /dev/null +++ b/data/reports/GO-2025-3731.yaml
@@ -0,0 +1,38 @@ +id: GO-2025-3731 +modules: + - module: github.com/mattermost/mattermost-server + versions: + - introduced: 9.0.0-rc1+incompatible + - fixed: 9.11.13+incompatible + - introduced: 10.0.0-rc1+incompatible + - fixed: 10.5.4+incompatible + - introduced: 10.6.0-rc1+incompatible + - fixed: 10.6.3+incompatible + - introduced: 10.7.0-rc1+incompatible + - fixed: 10.7.1+incompatible + vulnerable_at: 10.7.0+incompatible + - module: github.com/mattermost/mattermost-server/v5 + vulnerable_at: 5.39.3 + - module: github.com/mattermost/mattermost-server/v6 + vulnerable_at: 6.7.2 + - module: github.com/mattermost/mattermost/server/v8 + versions: + - fixed: 8.0.0-20250402193107-65343f84a783 +summary: |- + Mattermost fails to properly invalidate personal access tokens upon user + deactivation in github.com/mattermost/mattermost-server +cves: + - CVE-2025-3230 +ghsas: + - GHSA-mc2f-jgj6-6cp3 +references: + - advisory: https://github.com/advisories/GHSA-mc2f-jgj6-6cp3 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-3230 + - web: https://github.com/mattermost/mattermost/commit/65343f84a7830fa8078fe3df879fca924e4fac01 + - web: https://mattermost.com/security-updates +notes: + - fix: 'github.com/mattermost/mattermost/server/v8: could not add vulnerable_at: could not find tagged version between introduced and fixed' +source: + id: GHSA-mc2f-jgj6-6cp3 + created: 2025-06-03T13:40:00.859902-04:00 +review_status: UNREVIEWED