blob: 3d1ed7f7416c06099239244fea08a1682ec06efa [file] [log] [blame]
id: GO-2024-2595
modules:
- module: github.com/mattermost/mattermost-server
versions:
- introduced: 9.0.0+incompatible
- fixed: 9.4.2+incompatible
vulnerable_at: 9.4.2-rc2+incompatible
- module: github.com/mattermost/mattermost-server/v5
vulnerable_at: 5.39.3
- module: github.com/mattermost/mattermost-server/v6
vulnerable_at: 6.7.2
- module: github.com/mattermost/mattermost/server/v8
non_go_versions:
- fixed: 8.1.9
vulnerable_at: 8.0.0-20240626184126-817e18414e41
summary: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server
cves:
- CVE-2024-23488
ghsas:
- GHSA-xgxj-j98c-59rv
unknown_aliases:
- CGA-cp3f-8rch-xvmv
references:
- advisory: https://github.com/advisories/GHSA-xgxj-j98c-59rv
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-23488
- web: https://mattermost.com/security-updates
source:
id: GHSA-xgxj-j98c-59rv
created: 2024-06-26T16:13:06.887134-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE