blob: 974f712adc9342d2860668db3df50c12f9a29e3c [file] [log] [blame]
id: GO-2025-3379
modules:
- module: github.com/mattermost/mattermost-server
versions:
- introduced: 10.0.0+incompatible
- fixed: 10.0.4+incompatible
- introduced: 10.1.0+incompatible
- fixed: 10.1.4+incompatible
- introduced: 10.2.0+incompatible
- fixed: 10.2.1+incompatible
non_go_versions:
- introduced: 9.11.0
- fixed: 9.11.16
vulnerable_at: 10.2.1-rc1+incompatible
- module: github.com/mattermost/mattermost-server/v5
vulnerable_at: 5.39.3
- module: github.com/mattermost/mattermost-server/v6
vulnerable_at: 6.7.2
- module: github.com/mattermost/mattermost/server/v8
versions:
- fixed: 8.0.0-20250102081831-64c566a8280b
summary: |-
Mattermost Improper Validation of Specified Type of Input vulnerability in
github.com/mattermost/mattermost-server
cves:
- CVE-2025-20033
ghsas:
- GHSA-2549-xh72-qrpm
references:
- advisory: https://github.com/advisories/GHSA-2549-xh72-qrpm
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-20033
- web: https://mattermost.com/security-updates
notes:
- Manually moved v9.11.0 to "non_go_versions" to fix lint error.
- fix: 'github.com/mattermost/mattermost/server/v8: could not add vulnerable_at: could not find tagged version between introduced and fixed'
source:
id: GHSA-2549-xh72-qrpm
created: 2025-01-09T14:16:50.110467-05:00
review_status: UNREVIEWED