internal/genericosv/testdata/yaml/GHSA-3wq5-3f56-v5xc.yaml - vulndb - Git at Google

 id: GO-TEST-ID
 modules:
     - module: github.com/mattermost/mattermost-server
       versions:
         - introduced: 7.1.0
           fixed: 7.1.6
     - module: github.com/mattermost/mattermost-server
       versions:
         - introduced: 7.7.0
           fixed: 7.7.2
     - module: github.com/mattermost/mattermost-server
       versions:
         - introduced: 7.8.0
           fixed: 7.8.1
     - module: github.com/mattermost/mattermost-server/v6
       versions:
         - introduced: 6.3.0
           fixed: 7.1.6
 summary: Mattermost vulnerable to information disclosure
 description: |-
     Mattermost allows an attacker to request a preview of an existing message when
     creating a new message via the createPost API call, disclosing the contents of
     the linked message.
 cves:
     - CVE-2023-1777
 ghsas:
     - GHSA-3wq5-3f56-v5xc
 references:
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1777
     - web: https://mattermost.com/security-updates/
     - package: github.com/mattermost/mattermost-server
 notes:
     - 'lint: "github.com/mattermost/mattermost-server" is not a valid URL'
     - 'lint: github.com/mattermost/mattermost-server/v6: bad version "7.1.6": github.com/mattermost/mattermost-server/v6@v7.1.6: invalid version: should be v6, not v7'
     - 'lint: github.com/mattermost/mattermost-server: bad version "7.1.0": github.com/mattermost/mattermost-server@v7.1.0: invalid version: should be v0 or v1, not v7'
     - 'lint: github.com/mattermost/mattermost-server: bad version "7.7.0": github.com/mattermost/mattermost-server@v7.7.0: invalid version: should be v0 or v1, not v7'
     - 'lint: github.com/mattermost/mattermost-server: bad version "7.8.0": github.com/mattermost/mattermost-server@v7.8.0: invalid version: should be v0 or v1, not v7'
	id: GO-TEST-ID
	modules:
	- module: github.com/mattermost/mattermost-server
	versions:
	- introduced: 7.1.0
	fixed: 7.1.6
	- module: github.com/mattermost/mattermost-server
	versions:
	- introduced: 7.7.0
	fixed: 7.7.2
	- module: github.com/mattermost/mattermost-server
	versions:
	- introduced: 7.8.0
	fixed: 7.8.1
	- module: github.com/mattermost/mattermost-server/v6
	versions:
	- introduced: 6.3.0
	fixed: 7.1.6
	summary: Mattermost vulnerable to information disclosure
	description: \|-
	Mattermost allows an attacker to request a preview of an existing message when
	creating a new message via the createPost API call, disclosing the contents of
	the linked message.
	cves:
	- CVE-2023-1777
	ghsas:
	- GHSA-3wq5-3f56-v5xc
	references:
	- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-1777
	- web: https://mattermost.com/security-updates/
	- package: github.com/mattermost/mattermost-server
	notes:
	- 'lint: "github.com/mattermost/mattermost-server" is not a valid URL'
	- 'lint: github.com/mattermost/mattermost-server/v6: bad version "7.1.6": github.com/mattermost/mattermost-server/v6@v7.1.6: invalid version: should be v6, not v7'
	- 'lint: github.com/mattermost/mattermost-server: bad version "7.1.0": github.com/mattermost/mattermost-server@v7.1.0: invalid version: should be v0 or v1, not v7'
	- 'lint: github.com/mattermost/mattermost-server: bad version "7.7.0": github.com/mattermost/mattermost-server@v7.7.0: invalid version: should be v0 or v1, not v7'
	- 'lint: github.com/mattermost/mattermost-server: bad version "7.8.0": github.com/mattermost/mattermost-server@v7.8.0: invalid version: should be v0 or v1, not v7'