x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-qggc-pj29-j27m #616
Description
In GitHub Security Advisory GHSA-qggc-pj29-j27m, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/mattermost/mattermost-server/v5 | 5.37.9 | < 5.37.9 |
See doc/triage.md for instructions on how to triage this report.
packages:
- package: github.com/mattermost/mattermost-server/v5
versions:
- fixed: 5.37.9
- package: github.com/mattermost/mattermost-server/v6
versions:
- introduced: TODO (earliest fixed "6.25", vuln range ">= 6.0.0, < 6.2.5")
- package: github.com/mattermost/mattermost-server/v6
versions:
- introduced: 6.3.0
fixed: 6.3.5
- package: github.com/mattermost/mattermost-server/v6
versions:
- introduced: 6.4.0
fixed: 6.4.2
description: One of the API in Mattermost version 6.4.1 and earlier fails to properly
protect the permissions, which allows the authenticated members with restricted
custom admin role to bypass the restrictions and view the server logs and server
config.json file contents. Per the Mattermost security updates page, versions
6.4.2, 6.3.5, 6.2.5, and 5.37.9 contain patches for this issue
published: 2022-04-14T00:00:17Z
last_modified: 2022-04-22T21:05:51Z
cves:
- CVE-2022-1332
ghsas:
- GHSA-qggc-pj29-j27m
links:
context:
- https://github.com/advisories/GHSA-qggc-pj29-j27m