x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mcw6-3256-64gg #2695
Description
In GitHub Security Advisory GHSA-mcw6-3256-64gg, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/mattermost/mattermost/server/v8 | 9.5.2 | >= 9.5.0, < 9.5.2 |
Cross references:
- Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r67m-mf7v-qp7j #2182 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w496-f5qq-m58j #2183 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xvq6-h898-wcj8 #2184 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-63cv-4pc2-4fcf #2390 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9w97-9rqx-8v4j #2444 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h3gq-j7p9-x3p4 #2446 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w88v-pjr8-cmv2 #2450 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-32h7-7j94-8fc2 #2541 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3g35-v53r-gpxc #2588 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mx3-9qfh-77gj #2589 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7v3v-984v-h74r #2590 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fx48-xv6q-6gp3 #2591 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hwjf-4667-gqwx #2592 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pfw6-5rx3-xh3c #2593 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vm9m-57jr-4pxh #2594 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xgxj-j98c-59rv #2595 EFFECTIVELY_PRIVATE
See doc/triage.md for instructions on how to triage this report.
modules:
- module: github.com/mattermost/mattermost/server/v8
versions:
- introduced: 9.5.0
fixed: 9.5.2
packages:
- package: github.com/mattermost/mattermost/server/v8
- module: github.com/mattermost/mattermost/server/v8
versions:
- introduced: 9.4.0
fixed: 9.4.4
packages:
- package: github.com/mattermost/mattermost/server/v8
- module: github.com/mattermost/mattermost/server/v8
versions:
- introduced: 9.3.0
fixed: 9.3.3
packages:
- package: github.com/mattermost/mattermost/server/v8
- module: github.com/mattermost/mattermost/server/v8
versions:
- introduced: 8.1.0
fixed: 8.1.11
packages:
- package: github.com/mattermost/mattermost/server/v8
summary: Mattermost Server doesn't limit the number of user preferences
cves:
- CVE-2024-28949
ghsas:
- GHSA-mcw6-3256-64gg
references:
- web: https://nvd.nist.gov/vuln/detail/CVE-2024-28949
- web: https://mattermost.com/security-updates
- fix: https://github.com/mattermost/mattermost/commit/11a21f4da352a472a09de3b8e125514750a6619a
- fix: https://github.com/mattermost/mattermost/commit/362b7d29d35c00fe80721d3d47442a4f3168eb2b
- fix: https://github.com/mattermost/mattermost/commit/5632d6b4ff6d019a21bb8ddd037d4a931cd85ae2
- fix: https://github.com/mattermost/mattermost/commit/88f9285173dc4cb35fa19a8b8604e098a567f704
- advisory: https://github.com/advisories/GHSA-mcw6-3256-64gg