x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-6xjj-v76v-fwpj #2007
Description
In GitHub Security Advisory GHSA-6xjj-v76v-fwpj, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/mattermost/mattermost-server/v6 | 7.10.4 | >= 7.10.0, <= 7.10.3 |
Cross references:
- Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7ggc-5r84-xf54 #540 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-32rp-q37p-jg6w #576 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-f37q-q7p2-ccfc #595 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-fxwj-v664-wv5g #599 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-m7w4-q5vg-5xfp #1028 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-63f2-6959-2pxj #1711 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-8jhh-3jf2-pfwr #1712 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-9hj7-v56g-rhf6 #1727 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7g2v-2frm-rg94 #1778 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-455c-vqrf-mghr #1873 EFFECTIVELY_PRIVATE
See doc/triage.md for instructions on how to triage this report.
modules:
- module: github.com/mattermost/mattermost-server/v6
versions:
- introduced: TODO (earliest fixed "7.10.4", vuln range ">= 7.10.0, <= 7.10.3")
vulnerable_at: 6.7.2
packages:
- package: github.com/mattermost/mattermost-server/v6
- module: github.com/mattermost/mattermost-server/v6
versions:
- introduced: TODO (earliest fixed "7.9.6", vuln range ">= 7.9.0, <= 7.9.5")
vulnerable_at: 6.7.2
packages:
- package: github.com/mattermost/mattermost-server/v6
- module: github.com/mattermost/mattermost-server/v6
versions:
- introduced: TODO (earliest fixed "7.8.8", vuln range "<= 7.8.7")
vulnerable_at: 6.7.2
packages:
- package: github.com/mattermost/mattermost-server/v6
summary: |-
Mattermost does not validate requesting user permissions before updating admin
details
description: |-
Mattermost fails to properly validate the requesting user permissions when
updating a system admin, allowing a user manager to update a system admin's
details such as email, first name and last name.
cves:
- CVE-2023-4107
ghsas:
- GHSA-6xjj-v76v-fwpj
references:
- web: https://nvd.nist.gov/vuln/detail/CVE-2023-4107
- web: https://mattermost.com/security-updates
- advisory: https://github.com/advisories/GHSA-6xjj-v76v-fwpj