data/reports/GO-2024-3092.yaml

id: GO-2024-3092
modules:
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: 9.5.0+incompatible
        - fixed: 9.5.7+incompatible
        - introduced: 9.7.0+incompatible
        - fixed: 9.7.6+incompatible
        - introduced: 9.8.0+incompatible
        - fixed: 9.8.1+incompatible
        - introduced: 9.9.0+incompatible
        - fixed: 9.9.1+incompatible
      vulnerable_at: 9.9.1-rc4+incompatible
    - module: github.com/mattermost/mattermost-server/v5
      vulnerable_at: 5.39.3
    - module: github.com/mattermost/mattermost-server/v6
      vulnerable_at: 6.7.2
    - module: github.com/mattermost/mattermost/server/v8
      vulnerable_at: 8.0.0-20240830140759-a2a54af3380e
summary: Mattermost allows unsolicited invites to expose access to local channels in github.com/mattermost/mattermost-server
cves:
    - CVE-2024-39777
ghsas:
    - GHSA-q22q-2rrf-m27p
references:
    - advisory: https://github.com/advisories/GHSA-q22q-2rrf-m27p
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-39777
    - web: https://mattermost.com/security-updates
source:
    id: GHSA-q22q-2rrf-m27p
    created: 2024-08-30T11:53:48.483473-04:00
review_status: UNREVIEWED