x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-wj37-mpq9-xrcm

[GoVulnBot]

In GitHub Security Advisory GHSA-wj37-mpq9-xrcm, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/mattermost/mattermost-server	8.1.12	>= 8.1.0, <= 8.1.11

Cross references:

• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-gwpf-95jc-63rv #601 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5jph-wrq7-v9hf #1126 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-v42f-hq78-8c5m #1127 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-3wq5-3f56-v5xc #1710 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: TODO (earliest fixed "8.1.12", vuln range ">= 8.1.0, <= 8.1.11")
      packages:
        - package: github.com/mattermost/mattermost-server
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: TODO (earliest fixed "9.4.5", vuln range ">= 9.4.0, <= 9.4.4")
      packages:
        - package: github.com/mattermost/mattermost-server
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: TODO (earliest fixed "9.5.3", vuln range ">= 9.5.0, <= 9.5.2")
      packages:
        - package: github.com/mattermost/mattermost-server
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: TODO (earliest fixed "9.6.1", vuln range ">= 9.6.0-rc1, <= 9.6.0")
      packages:
        - package: github.com/mattermost/mattermost-server
summary: Mattermost fails to limit the number of active sessions in github.com/mattermost/mattermost-server
cves:
    - CVE-2024-4183
ghsas:
    - GHSA-wj37-mpq9-xrcm
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2024-4183
    - web: https://mattermost.com/security-updates
    - fix: https://github.com/mattermost/mattermost/commit/86920d641760552c5aafa5e1d14c93bd30039bc4
    - fix: https://github.com/mattermost/mattermost/commit/9d81eee979aee93374bff8ba6714d805e12ffb03
    - fix: https://github.com/mattermost/mattermost/commit/b45c3dac4c160992a1ce757ade968e8f5ec506c1
    - fix: https://github.com/mattermost/mattermost/commit/bc699e6789cf3ba1544235087897699aaa639e7d
    - advisory: https://github.com/advisories/GHSA-wj37-mpq9-xrcm
source:
    id: GHSA-wj37-mpq9-xrcm

[gopherbot]

Change https://go.dev/cl/582535 mentions this issue: data/reports: batch add unreviewed reports

[gopherbot]

Change https://go.dev/cl/590278 mentions this issue: data/reports: add 48 unreviewed reports