x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5qx9-9ffj-5r8f

[GoVulnBot]

In GitHub Security Advisory GHSA-5qx9-9ffj-5r8f, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/mattermost/mattermost-server	8.1.12	>= 8.1.0, <= 8.1.11

Cross references:

• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-gwpf-95jc-63rv #601 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5jph-wrq7-v9hf #1126 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-v42f-hq78-8c5m #1127 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-3wq5-3f56-v5xc #1710 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: TODO (earliest fixed "8.1.12", vuln range ">= 8.1.0, <= 8.1.11")
      packages:
        - package: github.com/mattermost/mattermost-server
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: TODO (earliest fixed "9.5.3", vuln range ">= 9.5.0, <= 9.5.2")
      packages:
        - package: github.com/mattermost/mattermost-server
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: TODO (earliest fixed "9.6.1", vuln range ">= 9.6.0-rc1, <= 9.6.0")
      packages:
        - package: github.com/mattermost/mattermost-server
summary: Mattermost fails to fully validate role changes in github.com/mattermost/mattermost-server
cves:
    - CVE-2024-4198
ghsas:
    - GHSA-5qx9-9ffj-5r8f
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2024-4198
    - web: https://mattermost.com/security-updates
    - fix: https://github.com/mattermost/mattermost/commit/3d6d8a7c1f7105558fe266a1b379859a4dba4e9b
    - fix: https://github.com/mattermost/mattermost/commit/408ce4a82bb55ce27801f7044d9b3b49e82c47ed
    - fix: https://github.com/mattermost/mattermost/commit/fba5b8e348feada9b21290369c3598ccd5c04424
    - advisory: https://github.com/advisories/GHSA-5qx9-9ffj-5r8f
source:
    id: GHSA-5qx9-9ffj-5r8f

[gopherbot]

Change https://go.dev/cl/582535 mentions this issue: data/reports: batch add unreviewed reports

[gopherbot]

Change https://go.dev/cl/590278 mentions this issue: data/reports: add 48 unreviewed reports