Skip to content

Commit 134d7ef

Browse files
nicholashusinnicholashusin
committed
data/reports: add 3 reports
 - data/reports/GO-2025-4129.yaml - data/reports/GO-2025-4130.yaml - data/reports/GO-2025-4131.yaml Fixes #4129 Fixes #4130 Fixes #4131 Change-Id: I7ed5e089f40e094c8adadc9ad309761a9f00c200 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/721260 Reviewed-by: Nicholas Husin <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Markus Kusano <[email protected]>
1 parent 0479361 commit 134d7ef

File tree

6 files changed

+495
-0
lines changed

6 files changed

+495
-0
lines changed

data/osv/GO-2025-4129.json

Lines changed: 138 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,138 @@
1+
{
2+
"schema_version": "1.3.1",
3+
"id": "GO-2025-4129",
4+
"modified": "0001-01-01T00:00:00Z",
5+
"published": "0001-01-01T00:00:00Z",
6+
"aliases": [
7+
"CVE-2025-55073",
8+
"GHSA-ff85-qw3h-g9vp"
9+
],
10+
"summary": "Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL in github.com/mattermost/mattermost-server",
11+
"details": "Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL in github.com/mattermost/mattermost-server",
12+
"affected": [
13+
{
14+
"package": {
15+
"name": "github.com/mattermost/mattermost-server",
16+
"ecosystem": "Go"
17+
},
18+
"ranges": [
19+
{
20+
"type": "SEMVER",
21+
"events": [
22+
{
23+
"introduced": "10.5.0+incompatible"
24+
},
25+
{
26+
"fixed": "10.5.12+incompatible"
27+
},
28+
{
29+
"introduced": "10.11.0+incompatible"
30+
},
31+
{
32+
"fixed": "10.11.4+incompatible"
33+
},
34+
{
35+
"introduced": "10.12.0+incompatible"
36+
},
37+
{
38+
"fixed": "10.12.1+incompatible"
39+
}
40+
]
41+
}
42+
],
43+
"ecosystem_specific": {}
44+
},
45+
{
46+
"package": {
47+
"name": "github.com/mattermost/mattermost-server/v5",
48+
"ecosystem": "Go"
49+
},
50+
"ranges": [
51+
{
52+
"type": "SEMVER",
53+
"events": [
54+
{
55+
"introduced": "0"
56+
}
57+
]
58+
}
59+
],
60+
"ecosystem_specific": {}
61+
},
62+
{
63+
"package": {
64+
"name": "github.com/mattermost/mattermost-server/v6",
65+
"ecosystem": "Go"
66+
},
67+
"ranges": [
68+
{
69+
"type": "SEMVER",
70+
"events": [
71+
{
72+
"introduced": "0"
73+
}
74+
]
75+
}
76+
],
77+
"ecosystem_specific": {}
78+
},
79+
{
80+
"package": {
81+
"name": "github.com/mattermost/mattermost/server/v8",
82+
"ecosystem": "Go"
83+
},
84+
"ranges": [
85+
{
86+
"type": "SEMVER",
87+
"events": [
88+
{
89+
"introduced": "0"
90+
},
91+
{
92+
"fixed": "8.0.0-20250929212932-a41db04d2746"
93+
}
94+
]
95+
}
96+
],
97+
"ecosystem_specific": {}
98+
}
99+
],
100+
"references": [
101+
{
102+
"type": "ADVISORY",
103+
"url": "https://github.com/advisories/GHSA-ff85-qw3h-g9vp"
104+
},
105+
{
106+
"type": "ADVISORY",
107+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55073"
108+
},
109+
{
110+
"type": "WEB",
111+
"url": "https://github.com/mattermost/mattermost/commit/375ce229f4923205394d8f27925372b2cbf28130"
112+
},
113+
{
114+
"type": "WEB",
115+
"url": "https://github.com/mattermost/mattermost/commit/6c288aa62bb3343183ec1d0a06360d14aa0193e9"
116+
},
117+
{
118+
"type": "WEB",
119+
"url": "https://github.com/mattermost/mattermost/commit/a41db04d2746ab549d056db4ede4cd803f64989c"
120+
},
121+
{
122+
"type": "WEB",
123+
"url": "https://github.com/mattermost/mattermost/commit/b822cea06bf5683a176e2c92711241bd29cd9389"
124+
},
125+
{
126+
"type": "WEB",
127+
"url": "https://github.com/mattermost/mattermost/commit/e47349ea0fc072ee1dfb196d9bb1c8fd1a589224"
128+
},
129+
{
130+
"type": "WEB",
131+
"url": "https://mattermost.com/security-updates"
132+
}
133+
],
134+
"database_specific": {
135+
"url": "https://pkg.go.dev/vuln/GO-2025-4129",
136+
"review_status": "UNREVIEWED"
137+
}
138+
}

data/osv/GO-2025-4130.json

Lines changed: 138 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,138 @@
1+
{
2+
"schema_version": "1.3.1",
3+
"id": "GO-2025-4130",
4+
"modified": "0001-01-01T00:00:00Z",
5+
"published": "0001-01-01T00:00:00Z",
6+
"aliases": [
7+
"CVE-2025-11794",
8+
"GHSA-mqp8-pgg5-7x7m"
9+
],
10+
"summary": "Mattermost allows system administrators to access password hashes and MFA secrets in github.com/mattermost/mattermost-server",
11+
"details": "Mattermost allows system administrators to access password hashes and MFA secrets in github.com/mattermost/mattermost-server",
12+
"affected": [
13+
{
14+
"package": {
15+
"name": "github.com/mattermost/mattermost-server",
16+
"ecosystem": "Go"
17+
},
18+
"ranges": [
19+
{
20+
"type": "SEMVER",
21+
"events": [
22+
{
23+
"introduced": "10.5.0+incompatible"
24+
},
25+
{
26+
"fixed": "10.5.12+incompatible"
27+
},
28+
{
29+
"introduced": "10.11.0+incompatible"
30+
},
31+
{
32+
"fixed": "10.11.4+incompatible"
33+
},
34+
{
35+
"introduced": "10.12.0+incompatible"
36+
},
37+
{
38+
"fixed": "10.12.1+incompatible"
39+
}
40+
]
41+
}
42+
],
43+
"ecosystem_specific": {}
44+
},
45+
{
46+
"package": {
47+
"name": "github.com/mattermost/mattermost-server/v5",
48+
"ecosystem": "Go"
49+
},
50+
"ranges": [
51+
{
52+
"type": "SEMVER",
53+
"events": [
54+
{
55+
"introduced": "0"
56+
}
57+
]
58+
}
59+
],
60+
"ecosystem_specific": {}
61+
},
62+
{
63+
"package": {
64+
"name": "github.com/mattermost/mattermost-server/v6",
65+
"ecosystem": "Go"
66+
},
67+
"ranges": [
68+
{
69+
"type": "SEMVER",
70+
"events": [
71+
{
72+
"introduced": "0"
73+
}
74+
]
75+
}
76+
],
77+
"ecosystem_specific": {}
78+
},
79+
{
80+
"package": {
81+
"name": "github.com/mattermost/mattermost/server/v8",
82+
"ecosystem": "Go"
83+
},
84+
"ranges": [
85+
{
86+
"type": "SEMVER",
87+
"events": [
88+
{
89+
"introduced": "0"
90+
},
91+
{
92+
"fixed": "8.0.0-20250929212932-a41db04d2746"
93+
}
94+
]
95+
}
96+
],
97+
"ecosystem_specific": {}
98+
}
99+
],
100+
"references": [
101+
{
102+
"type": "ADVISORY",
103+
"url": "https://github.com/advisories/GHSA-mqp8-pgg5-7x7m"
104+
},
105+
{
106+
"type": "ADVISORY",
107+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11794"
108+
},
109+
{
110+
"type": "WEB",
111+
"url": "https://github.com/mattermost/mattermost/commit/375ce229f4923205394d8f27925372b2cbf28130"
112+
},
113+
{
114+
"type": "WEB",
115+
"url": "https://github.com/mattermost/mattermost/commit/6c288aa62bb3343183ec1d0a06360d14aa0193e9"
116+
},
117+
{
118+
"type": "WEB",
119+
"url": "https://github.com/mattermost/mattermost/commit/a41db04d2746ab549d056db4ede4cd803f64989c"
120+
},
121+
{
122+
"type": "WEB",
123+
"url": "https://github.com/mattermost/mattermost/commit/b822cea06bf5683a176e2c92711241bd29cd9389"
124+
},
125+
{
126+
"type": "WEB",
127+
"url": "https://github.com/mattermost/mattermost/commit/e47349ea0fc072ee1dfb196d9bb1c8fd1a589224"
128+
},
129+
{
130+
"type": "WEB",
131+
"url": "https://mattermost.com/security-updates"
132+
}
133+
],
134+
"database_specific": {
135+
"url": "https://pkg.go.dev/vuln/GO-2025-4130",
136+
"review_status": "UNREVIEWED"
137+
}
138+
}

data/osv/GO-2025-4131.json

Lines changed: 110 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,110 @@
1+
{
2+
"schema_version": "1.3.1",
3+
"id": "GO-2025-4131",
4+
"modified": "0001-01-01T00:00:00Z",
5+
"published": "0001-01-01T00:00:00Z",
6+
"aliases": [
7+
"CVE-2025-41436",
8+
"GHSA-x3hx-ch7p-8xgg"
9+
],
10+
"summary": "Mattermost allows regular users to access archived channel content and files in github.com/mattermost/mattermost-server",
11+
"details": "Mattermost allows regular users to access archived channel content and files in github.com/mattermost/mattermost-server",
12+
"affected": [
13+
{
14+
"package": {
15+
"name": "github.com/mattermost/mattermost-server",
16+
"ecosystem": "Go"
17+
},
18+
"ranges": [
19+
{
20+
"type": "SEMVER",
21+
"events": [
22+
{
23+
"introduced": "0"
24+
},
25+
{
26+
"fixed": "11.0.0-alpha.1+incompatible"
27+
}
28+
]
29+
}
30+
],
31+
"ecosystem_specific": {}
32+
},
33+
{
34+
"package": {
35+
"name": "github.com/mattermost/mattermost-server/v5",
36+
"ecosystem": "Go"
37+
},
38+
"ranges": [
39+
{
40+
"type": "SEMVER",
41+
"events": [
42+
{
43+
"introduced": "0"
44+
}
45+
]
46+
}
47+
],
48+
"ecosystem_specific": {}
49+
},
50+
{
51+
"package": {
52+
"name": "github.com/mattermost/mattermost-server/v6",
53+
"ecosystem": "Go"
54+
},
55+
"ranges": [
56+
{
57+
"type": "SEMVER",
58+
"events": [
59+
{
60+
"introduced": "0"
61+
}
62+
]
63+
}
64+
],
65+
"ecosystem_specific": {}
66+
},
67+
{
68+
"package": {
69+
"name": "github.com/mattermost/mattermost/server/v8",
70+
"ecosystem": "Go"
71+
},
72+
"ranges": [
73+
{
74+
"type": "SEMVER",
75+
"events": [
76+
{
77+
"introduced": "0"
78+
},
79+
{
80+
"fixed": "8.0.0-20250815165020-c8d66301415d"
81+
}
82+
]
83+
}
84+
],
85+
"ecosystem_specific": {}
86+
}
87+
],
88+
"references": [
89+
{
90+
"type": "ADVISORY",
91+
"url": "https://github.com/advisories/GHSA-x3hx-ch7p-8xgg"
92+
},
93+
{
94+
"type": "ADVISORY",
95+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41436"
96+
},
97+
{
98+
"type": "WEB",
99+
"url": "https://github.com/mattermost/mattermost/commit/c8d66301415d5b447df0e829bdbaa92e8a83ecf8"
100+
},
101+
{
102+
"type": "WEB",
103+
"url": "https://mattermost.com/security-updates"
104+
}
105+
],
106+
"database_specific": {
107+
"url": "https://pkg.go.dev/vuln/GO-2025-4131",
108+
"review_status": "UNREVIEWED"
109+
}
110+
}

0 commit comments

Comments
 (0)