blob: 538ac679e6381590e83ee7a8e9348782238d18b3 [file] [log] [blame]
id: GO-2024-3031
modules:
- module: github.com/mattermost/mattermost-server
versions:
- introduced: 9.5.0+incompatible
- fixed: 9.5.7+incompatible
- introduced: 9.7.0+incompatible
- fixed: 9.7.6+incompatible
- introduced: 9.8.0+incompatible
- fixed: 9.8.2+incompatible
- introduced: 9.9.0+incompatible
- fixed: 9.9.1+incompatible
vulnerable_at: 9.9.1-rc4+incompatible
- module: github.com/mattermost/mattermost-server/v5
vulnerable_at: 5.39.3
- module: github.com/mattermost/mattermost-server/v6
vulnerable_at: 6.7.2
- module: github.com/mattermost/mattermost/server/v8
vulnerable_at: 8.0.0-20240806200347-2e004bb7bc12
summary: Mattermost allows a remote actor to make an arbitrary local channel read-only in github.com/mattermost/mattermost-server
cves:
- CVE-2024-41162
ghsas:
- GHSA-jr9x-3x7m-4j75
references:
- advisory: https://github.com/advisories/GHSA-jr9x-3x7m-4j75
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-41162
- web: https://mattermost.com/security-updates
source:
id: GHSA-jr9x-3x7m-4j75
created: 2024-08-06T18:28:55.63074-04:00
review_status: UNREVIEWED