x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-3wq5-3f56-v5xc

[GoVulnBot]

In GitHub Security Advisory GHSA-3wq5-3f56-v5xc, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/mattermost/mattermost-server	7.1.6	>= 7.1.0, <= 7.1.5

Cross references:

• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-gwpf-95jc-63rv #601 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5jph-wrq7-v9hf #1126 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-v42f-hq78-8c5m #1127 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/mattermost/mattermost-server
    versions:
      - introduced: TODO (earliest fixed "7.1.6", vuln range ">= 7.1.0, <= 7.1.5")
    packages:
      - package: github.com/mattermost/mattermost-server
  - module: github.com/mattermost/mattermost-server
    versions:
      - introduced: TODO (earliest fixed "7.7.2", vuln range ">= 7.7.0, <= 7.7.1")
    packages:
      - package: github.com/mattermost/mattermost-server
  - module: github.com/mattermost/mattermost-server
    versions:
      - introduced: TODO (earliest fixed "7.8.1", vuln range "= 7.8.0")
    packages:
      - package: github.com/mattermost/mattermost-server
  - module: github.com/mattermost/mattermost-server
    versions:
      - introduced: TODO (earliest fixed "7.1.6", vuln range ">= 6.3.0, <= 6.7.2")
    packages:
      - package: github.com/mattermost/mattermost-server/v6
summary: Mattermost vulnerable to information disclosure
description: Mattermost allows an attacker to request a preview of an existing message
    when creating a new message via the createPost API call, disclosing the contents
    of the linked message.
cves:
  - CVE-2023-1777
ghsas:
  - GHSA-3wq5-3f56-v5xc
references:
  - web: https://nvd.nist.gov/vuln/detail/CVE-2023-1777
  - web: https://mattermost.com/security-updates/
  - advisory: https://github.com/advisories/GHSA-3wq5-3f56-v5xc

[gopherbot]

Change https://go.dev/cl/484235 mentions this issue: data/excluded: batch add GO-2023-1712, GO-2023-1711, GO-2023-1710, GO-2023-1708