x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5fh7-7mw7-mmx5

In GitHub Security Advisory [GHSA-5fh7-7mw7-mmx5](https://github.com/advisories/GHSA-5fh7-7mw7-mmx5), there is a vulnerability in the following Go packages or modules:

| Unit | Fixed | Vulnerable Ranges |
| - | - | - |
| [github.com/mattermost/mattermost-server](https://pkg.go.dev/github.com/mattermost/mattermost-server) | 8.1.12 | >= 8.1.0, <= 8.1.11 || [github.com/mattermost/mattermost-server](https://pkg.go.dev/github.com/mattermost/mattermost-server) | 9.5.3 | >= 9.5.0, <= 9.5.2 |

Cross references:
- Module github.com/mattermost/mattermost-server appears in issue #601  EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server appears in issue #1126  EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server appears in issue #1127  EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server appears in issue #1710  EFFECTIVELY_PRIVATE


See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md) for instructions on how to triage this report.

```
modules:
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: TODO (earliest fixed "8.1.12", vuln range ">= 8.1.0, <= 8.1.11")
      packages:
        - package: github.com/mattermost/mattermost-server
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: TODO (earliest fixed "9.5.3", vuln range ">= 9.5.0, <= 9.5.2")
      packages:
        - package: github.com/mattermost/mattermost-server
summary: Mattermost allows team admins to promote guests to team admins in github.com/mattermost/mattermost-server
cves:
    - CVE-2024-4195
ghsas:
    - GHSA-5fh7-7mw7-mmx5
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2024-4195
    - web: https://mattermost.com/security-updates
    - fix: https://github.com/mattermost/mattermost/commit/1e3497e0595bb4f9908c94dd9d4685d48556b7e8
    - fix: https://github.com/mattermost/mattermost/commit/f0872dd4e4ba34f061aa6982a71c7c29532aac2e
    - advisory: https://github.com/advisories/GHSA-5fh7-7mw7-mmx5
source:
    id: GHSA-5fh7-7mw7-mmx5

```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5fh7-7mw7-mmx5 #2793

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5fh7-7mw7-mmx5 #2793

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions