x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-v469-7wp6-7cvp

[GoVulnBot]

Advisory GHSA-v469-7wp6-7cvp references a vulnerability in the following Go modules:

Module
github.com/mattermost/mattermost-server
github.com/mattermost/mattermost-server/v5
github.com/mattermost/mattermost-server/v6
github.com/mattermost/mattermost/server/v8

Description:
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.

References:

• ADVISORY: GHSA-v469-7wp6-7cvp
• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-20051
• FIX: mattermost/mattermost-plugin-boards@025ce8d
• FIX: mattermost/mattermost@4ed702c
• WEB: https://mattermost.com/security-updates

Cross references:

• github.com/mattermost/mattermost-server appears in 70 other report(s):
  • data/excluded/GO-2022-0601.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-gwpf-95jc-63rv #601) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2022-1126.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5jph-wrq7-v9hf #1126) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2022-1127.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-v42f-hq78-8c5m #1127) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1710.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-3wq5-3f56-v5xc #1710) EFFECTIVELY_PRIVATE
  • data/reports/GO-2022-0540.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7ggc-5r84-xf54 #540)
  • data/reports/GO-2022-0576.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-32rp-q37p-jg6w #576)
  • data/reports/GO-2022-0595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-f37q-q7p2-ccfc #595)
  • data/reports/GO-2022-0599.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-fxwj-v664-wv5g #599)
  • data/reports/GO-2022-0604.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-hv5f-73mr-7vvj #604)
  • data/reports/GO-2022-0616.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-qggc-pj29-j27m #616)
  • data/reports/GO-2023-1939.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost: GHSA-j2h2-cvwh-cr64 #1939)
  • data/reports/GO-2024-2444.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9w97-9rqx-8v4j #2444)
  • data/reports/GO-2024-2446.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h3gq-j7p9-x3p4 #2446)
  • data/reports/GO-2024-2448.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-q7rx-w656-fwmv #2448)
  • data/reports/GO-2024-2450.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w88v-pjr8-cmv2 #2450)
  • data/reports/GO-2024-2541.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-32h7-7j94-8fc2 #2541)
  • data/reports/GO-2024-2566.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r833-w756-h5p2 #2566)
  • data/reports/GO-2024-2588.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3g35-v53r-gpxc #2588)
  • data/reports/GO-2024-2589.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mx3-9qfh-77gj #2589)
  • data/reports/GO-2024-2590.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7v3v-984v-h74r #2590)
  • data/reports/GO-2024-2591.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fx48-xv6q-6gp3 #2591)
  • data/reports/GO-2024-2592.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hwjf-4667-gqwx #2592)
  • data/reports/GO-2024-2593.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pfw6-5rx3-xh3c #2593)
  • data/reports/GO-2024-2594.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vm9m-57jr-4pxh #2594)
  • data/reports/GO-2024-2595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xgxj-j98c-59rv #2595)
  • data/reports/GO-2024-2635.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r4fm-g65h-cr54 #2635)
  • data/reports/GO-2024-2695.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mcw6-3256-64gg #2695)
  • data/reports/GO-2024-2696.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wp43-vprh-c3w5 #2696)
  • data/reports/GO-2024-2706.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w67v-ph4x-f48q #2706)
  • data/reports/GO-2024-2707.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xp9j-8p68-9q93 #2707)
  • data/reports/GO-2024-2793.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5fh7-7mw7-mmx5 #2793)
  • data/reports/GO-2024-2794.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5qx9-9ffj-5r8f #2794)
  • data/reports/GO-2024-2795.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-8f99-g2pj-x8w3 #2795)
  • data/reports/GO-2024-2796.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-p2wq-4ggp-45f3 #2796)
  • data/reports/GO-2024-2797.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-vx97-8q8q-qgq5 #2797)
  • data/reports/GO-2024-2798.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-wj37-mpq9-xrcm #2798)
  • data/reports/GO-2024-3020.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762m-4cx6-6mf4 #3020)
  • data/reports/GO-2024-3022.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9fpw-c9x7-cv3j #3022)
  • data/reports/GO-2024-3023.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg67-chm7-8m3j #3023)
  • data/reports/GO-2024-3024.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg6q-84p8-qvqh #3024)
  • data/reports/GO-2024-3025.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-56mc-f9w7-2wxq #3025)
  • data/reports/GO-2024-3028.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-cmc8-222c-vqp9 #3028)
  • data/reports/GO-2024-3030.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jq3g-xqpx-37x3 #3030)
  • data/reports/GO-2024-3031.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jr9x-3x7m-4j75 #3031)
  • data/reports/GO-2024-3032.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vvpg-55p7-5h8w #3032)
  • data/reports/GO-2024-3089.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-2jhx-w3vc-w59g #3089)
  • data/reports/GO-2024-3090.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3j95-8g47-fpwh #3090)
  • data/reports/GO-2024-3091.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fxq9-6946-34q7 #3091)
  • data/reports/GO-2024-3092.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-q22q-2rrf-m27p #3092)
  • data/reports/GO-2024-3093.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-4ww8-fprq-cq34 #3093)
  • data/reports/GO-2024-3094.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-5263-pm2h-m7hw #3094)
  • data/reports/GO-2024-3096.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-c6vp-jjgv-38wj #3096)
  • data/reports/GO-2024-3097.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hrf9-rm95-fpf3 #3097)
  • data/reports/GO-2024-3164.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-59hf-mpf8-pqjh #3164)
  • data/reports/GO-2024-3227.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hm57-h27x-599c #3227)
  • data/reports/GO-2024-3232.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mvp-gh77-7vwh #3232)
  • data/reports/GO-2024-3233.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762g-9p7f-mrww #3233)
  • data/reports/GO-2024-3234.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762v-rq7q-ff97 #3234)
  • data/reports/GO-2024-3235.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-g376-m3h3-mj4r #3235)
  • data/reports/GO-2024-3334.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-qqc8-rv37-79q5 #3334)
  • data/reports/GO-2024-3337.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-69pr-78gv-7c6h #3337)
  • data/reports/GO-2024-3338.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-826h-p4c3-477p #3338)
  • data/reports/GO-2024-3340.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-v647-h8jj-fw5r #3340)
  • data/reports/GO-2025-3377.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-q8fg-cp3q-5jwm #3377)
  • data/reports/GO-2025-3379.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-2549-xh72-qrpm #3379)
  • data/reports/GO-2025-3380.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7rgp-4j56-fm79 #3380)
  • data/reports/GO-2025-3392.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-5m7j-6gc4-ff5g #3392)
  • data/reports/GO-2025-3393.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-8j3q-gc9x-7972 #3393)
  • data/reports/GO-2025-3394.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-45v9-w9fh-33j6 #3394)
  • data/reports/GO-2025-3407.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w6xh-c82w-h997 #3407)
• github.com/mattermost/mattermost-server/v5 appears in 60 other report(s):
  • data/reports/GO-2022-0540.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7ggc-5r84-xf54 #540)
  • data/reports/GO-2022-0576.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-32rp-q37p-jg6w #576)
  • data/reports/GO-2022-0595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-f37q-q7p2-ccfc #595)
  • data/reports/GO-2022-0599.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-fxwj-v664-wv5g #599)
  • data/reports/GO-2022-0604.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-hv5f-73mr-7vvj #604)
  • data/reports/GO-2022-0616.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-qggc-pj29-j27m #616)
  • data/reports/GO-2023-1939.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost: GHSA-j2h2-cvwh-cr64 #1939)
  • data/reports/GO-2024-2444.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9w97-9rqx-8v4j #2444)
  • data/reports/GO-2024-2446.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h3gq-j7p9-x3p4 #2446)
  • data/reports/GO-2024-2448.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-q7rx-w656-fwmv #2448)
  • data/reports/GO-2024-2450.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w88v-pjr8-cmv2 #2450)
  • data/reports/GO-2024-2541.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-32h7-7j94-8fc2 #2541)
  • data/reports/GO-2024-2566.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r833-w756-h5p2 #2566)
  • data/reports/GO-2024-2588.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3g35-v53r-gpxc #2588)
  • data/reports/GO-2024-2589.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mx3-9qfh-77gj #2589)
  • data/reports/GO-2024-2590.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7v3v-984v-h74r #2590)
  • data/reports/GO-2024-2591.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fx48-xv6q-6gp3 #2591)
  • data/reports/GO-2024-2592.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hwjf-4667-gqwx #2592)
  • data/reports/GO-2024-2593.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pfw6-5rx3-xh3c #2593)
  • data/reports/GO-2024-2594.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vm9m-57jr-4pxh #2594)
  • data/reports/GO-2024-2595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xgxj-j98c-59rv #2595)
  • data/reports/GO-2024-2635.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r4fm-g65h-cr54 #2635)
  • data/reports/GO-2024-2695.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mcw6-3256-64gg #2695)
  • data/reports/GO-2024-2696.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wp43-vprh-c3w5 #2696)
  • data/reports/GO-2024-2706.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w67v-ph4x-f48q #2706)
  • data/reports/GO-2024-2707.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xp9j-8p68-9q93 #2707)
  • data/reports/GO-2024-3020.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762m-4cx6-6mf4 #3020)
  • data/reports/GO-2024-3022.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9fpw-c9x7-cv3j #3022)
  • data/reports/GO-2024-3023.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg67-chm7-8m3j #3023)
  • data/reports/GO-2024-3024.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg6q-84p8-qvqh #3024)
  • data/reports/GO-2024-3025.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-56mc-f9w7-2wxq #3025)
  • data/reports/GO-2024-3028.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-cmc8-222c-vqp9 #3028)
  • data/reports/GO-2024-3030.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jq3g-xqpx-37x3 #3030)
  • data/reports/GO-2024-3031.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jr9x-3x7m-4j75 #3031)
  • data/reports/GO-2024-3032.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vvpg-55p7-5h8w #3032)
  • data/reports/GO-2024-3089.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-2jhx-w3vc-w59g #3089)
  • data/reports/GO-2024-3090.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3j95-8g47-fpwh #3090)
  • data/reports/GO-2024-3091.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fxq9-6946-34q7 #3091)
  • data/reports/GO-2024-3092.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-q22q-2rrf-m27p #3092)
  • data/reports/GO-2024-3093.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-4ww8-fprq-cq34 #3093)
  • data/reports/GO-2024-3094.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-5263-pm2h-m7hw #3094)
  • data/reports/GO-2024-3096.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-c6vp-jjgv-38wj #3096)
  • data/reports/GO-2024-3097.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hrf9-rm95-fpf3 #3097)
  • data/reports/GO-2024-3164.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-59hf-mpf8-pqjh #3164)
  • data/reports/GO-2024-3227.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hm57-h27x-599c #3227)
  • data/reports/GO-2024-3232.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mvp-gh77-7vwh #3232)
  • data/reports/GO-2024-3233.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762g-9p7f-mrww #3233)
  • data/reports/GO-2024-3234.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762v-rq7q-ff97 #3234)
  • data/reports/GO-2024-3235.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-g376-m3h3-mj4r #3235)
  • data/reports/GO-2024-3334.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-qqc8-rv37-79q5 #3334)
  • data/reports/GO-2024-3337.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-69pr-78gv-7c6h #3337)
  • data/reports/GO-2024-3338.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-826h-p4c3-477p #3338)
  • data/reports/GO-2024-3340.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-v647-h8jj-fw5r #3340)
  • data/reports/GO-2025-3377.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-q8fg-cp3q-5jwm #3377)
  • data/reports/GO-2025-3379.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-2549-xh72-qrpm #3379)
  • data/reports/GO-2025-3380.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7rgp-4j56-fm79 #3380)
  • data/reports/GO-2025-3392.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-5m7j-6gc4-ff5g #3392)
  • data/reports/GO-2025-3393.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-8j3q-gc9x-7972 #3393)
  • data/reports/GO-2025-3394.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-45v9-w9fh-33j6 #3394)
  • data/reports/GO-2025-3407.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w6xh-c82w-h997 #3407)
• github.com/mattermost/mattermost-server/v6 appears in 82 other report(s):
  • data/excluded/GO-2022-1028.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-m7w4-q5vg-5xfp #1028) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1711.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-63f2-6959-2pxj #1711) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1712.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-8jhh-3jf2-pfwr #1712) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1727.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-9hj7-v56g-rhf6 #1727) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1778.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7g2v-2frm-rg94 #1778) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1873.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-455c-vqrf-mghr #1873) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2007.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-6xjj-v76v-fwpj #2007) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2008.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-9rww-66w7-7vjx #2008) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2009.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-g3v6-r8p9-wxg9 #2009) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2010.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-p267-jjfq-pphf #2010) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2087.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-33r7-wjfc-7w98 #2087) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2089.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-9hwp-cj7m-wjw4 #2089) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2090.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-h69v-mvh9-hfrq #2090) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2091.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-h8wh-f7gw-fwpr #2091) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2093.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-rp65-jpc7-8h8p #2093) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2358.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-3487-3j7c-7gwj #2358) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2359.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-4ghx-8jw8-p76q #2359) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2360.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-85jj-c9jr-9jhx #2360) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2361.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-c37r-v8jx-7cv2 #2361) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2362.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-j4c3-3h73-74m9 #2362) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2363.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-jcgv-3pfq-j4hr #2363) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2364.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-jj46-9cgh-qmfx #2364) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2365.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-jjr7-372r-cx7x #2365) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2366.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-p5pr-vm3j-jxxf #2366) EFFECTIVELY_PRIVATE
  • data/reports/GO-2022-0540.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7ggc-5r84-xf54 #540)
  • data/reports/GO-2022-0576.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-32rp-q37p-jg6w #576)
  • data/reports/GO-2022-0595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-f37q-q7p2-ccfc #595)
  • data/reports/GO-2022-0599.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-fxwj-v664-wv5g #599)
  • data/reports/GO-2022-0616.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-qggc-pj29-j27m #616)
  • data/reports/GO-2024-2444.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9w97-9rqx-8v4j #2444)
  • data/reports/GO-2024-2446.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h3gq-j7p9-x3p4 #2446)
  • data/reports/GO-2024-2448.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-q7rx-w656-fwmv #2448)
  • data/reports/GO-2024-2450.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w88v-pjr8-cmv2 #2450)
  • data/reports/GO-2024-2541.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-32h7-7j94-8fc2 #2541)
  • data/reports/GO-2024-2566.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r833-w756-h5p2 #2566)
  • data/reports/GO-2024-2588.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3g35-v53r-gpxc #2588)
  • data/reports/GO-2024-2589.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mx3-9qfh-77gj #2589)
  • data/reports/GO-2024-2590.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7v3v-984v-h74r #2590)
  • data/reports/GO-2024-2591.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fx48-xv6q-6gp3 #2591)
  • data/reports/GO-2024-2592.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hwjf-4667-gqwx #2592)
  • data/reports/GO-2024-2593.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pfw6-5rx3-xh3c #2593)
  • data/reports/GO-2024-2594.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vm9m-57jr-4pxh #2594)
  • data/reports/GO-2024-2595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xgxj-j98c-59rv #2595)
  • data/reports/GO-2024-2635.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r4fm-g65h-cr54 #2635)
  • data/reports/GO-2024-2695.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mcw6-3256-64gg #2695)
  • data/reports/GO-2024-2696.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wp43-vprh-c3w5 #2696)
  • data/reports/GO-2024-2706.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w67v-ph4x-f48q #2706)
  • data/reports/GO-2024-2707.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xp9j-8p68-9q93 #2707)
  • data/reports/GO-2024-3020.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762m-4cx6-6mf4 #3020)
  • data/reports/GO-2024-3022.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9fpw-c9x7-cv3j #3022)
  • data/reports/GO-2024-3023.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg67-chm7-8m3j #3023)
  • data/reports/GO-2024-3024.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg6q-84p8-qvqh #3024)
  • data/reports/GO-2024-3025.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-56mc-f9w7-2wxq #3025)
  • data/reports/GO-2024-3028.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-cmc8-222c-vqp9 #3028)
  • data/reports/GO-2024-3030.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jq3g-xqpx-37x3 #3030)
  • data/reports/GO-2024-3031.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jr9x-3x7m-4j75 #3031)
  • data/reports/GO-2024-3032.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vvpg-55p7-5h8w #3032)
  • data/reports/GO-2024-3089.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-2jhx-w3vc-w59g #3089)
  • data/reports/GO-2024-3090.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3j95-8g47-fpwh #3090)
  • data/reports/GO-2024-3091.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fxq9-6946-34q7 #3091)
  • data/reports/GO-2024-3092.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-q22q-2rrf-m27p #3092)
  • data/reports/GO-2024-3093.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-4ww8-fprq-cq34 #3093)
  • data/reports/GO-2024-3094.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-5263-pm2h-m7hw #3094)
  • data/reports/GO-2024-3096.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-c6vp-jjgv-38wj #3096)
  • data/reports/GO-2024-3097.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hrf9-rm95-fpf3 #3097)
  • data/reports/GO-2024-3164.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-59hf-mpf8-pqjh #3164)
  • data/reports/GO-2024-3227.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hm57-h27x-599c #3227)
  • data/reports/GO-2024-3232.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mvp-gh77-7vwh #3232)
  • data/reports/GO-2024-3233.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762g-9p7f-mrww #3233)
  • data/reports/GO-2024-3234.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762v-rq7q-ff97 #3234)
  • data/reports/GO-2024-3235.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-g376-m3h3-mj4r #3235)
  • data/reports/GO-2024-3334.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-qqc8-rv37-79q5 #3334)
  • data/reports/GO-2024-3337.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-69pr-78gv-7c6h #3337)
  • data/reports/GO-2024-3338.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-826h-p4c3-477p #3338)
  • data/reports/GO-2024-3340.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-v647-h8jj-fw5r #3340)
  • data/reports/GO-2025-3377.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-q8fg-cp3q-5jwm #3377)
  • data/reports/GO-2025-3379.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-2549-xh72-qrpm #3379)
  • data/reports/GO-2025-3380.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7rgp-4j56-fm79 #3380)
  • data/reports/GO-2025-3392.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-5m7j-6gc4-ff5g #3392)
  • data/reports/GO-2025-3393.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-8j3q-gc9x-7972 #3393)
  • data/reports/GO-2025-3394.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-45v9-w9fh-33j6 #3394)
  • data/reports/GO-2025-3407.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w6xh-c82w-h997 #3407)
• github.com/mattermost/mattermost/server/v8 appears in 57 other report(s):
  • data/excluded/GO-2023-2182.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r67m-mf7v-qp7j #2182) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2183.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w496-f5qq-m58j #2183) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2184.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xvq6-h898-wcj8 #2184) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-2390.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-63cv-4pc2-4fcf #2390) EFFECTIVELY_PRIVATE
  • data/reports/GO-2024-2444.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9w97-9rqx-8v4j #2444)
  • data/reports/GO-2024-2446.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h3gq-j7p9-x3p4 #2446)
  • data/reports/GO-2024-2448.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-q7rx-w656-fwmv #2448)
  • data/reports/GO-2024-2450.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w88v-pjr8-cmv2 #2450)
  • data/reports/GO-2024-2541.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-32h7-7j94-8fc2 #2541)
  • data/reports/GO-2024-2566.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r833-w756-h5p2 #2566)
  • data/reports/GO-2024-2588.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3g35-v53r-gpxc #2588)
  • data/reports/GO-2024-2589.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mx3-9qfh-77gj #2589)
  • data/reports/GO-2024-2590.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7v3v-984v-h74r #2590)
  • data/reports/GO-2024-2591.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fx48-xv6q-6gp3 #2591)
  • data/reports/GO-2024-2592.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hwjf-4667-gqwx #2592)
  • data/reports/GO-2024-2593.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pfw6-5rx3-xh3c #2593)
  • data/reports/GO-2024-2594.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vm9m-57jr-4pxh #2594)
  • data/reports/GO-2024-2595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xgxj-j98c-59rv #2595)
  • data/reports/GO-2024-2635.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r4fm-g65h-cr54 #2635)
  • data/reports/GO-2024-2695.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mcw6-3256-64gg #2695)
  • data/reports/GO-2024-2696.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wp43-vprh-c3w5 #2696)
  • data/reports/GO-2024-2706.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w67v-ph4x-f48q #2706)
  • data/reports/GO-2024-2707.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xp9j-8p68-9q93 #2707)
  • data/reports/GO-2024-3020.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762m-4cx6-6mf4 #3020)
  • data/reports/GO-2024-3022.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9fpw-c9x7-cv3j #3022)
  • data/reports/GO-2024-3023.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg67-chm7-8m3j #3023)
  • data/reports/GO-2024-3024.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg6q-84p8-qvqh #3024)
  • data/reports/GO-2024-3025.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-56mc-f9w7-2wxq #3025)
  • data/reports/GO-2024-3028.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-cmc8-222c-vqp9 #3028)
  • data/reports/GO-2024-3030.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jq3g-xqpx-37x3 #3030)
  • data/reports/GO-2024-3031.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jr9x-3x7m-4j75 #3031)
  • data/reports/GO-2024-3032.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vvpg-55p7-5h8w #3032)
  • data/reports/GO-2024-3089.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-2jhx-w3vc-w59g #3089)
  • data/reports/GO-2024-3090.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3j95-8g47-fpwh #3090)
  • data/reports/GO-2024-3091.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fxq9-6946-34q7 #3091)
  • data/reports/GO-2024-3092.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-q22q-2rrf-m27p #3092)
  • data/reports/GO-2024-3093.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-4ww8-fprq-cq34 #3093)
  • data/reports/GO-2024-3094.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-5263-pm2h-m7hw #3094)
  • data/reports/GO-2024-3096.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-c6vp-jjgv-38wj #3096)
  • data/reports/GO-2024-3097.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hrf9-rm95-fpf3 #3097)
  • data/reports/GO-2024-3164.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-59hf-mpf8-pqjh #3164)
  • data/reports/GO-2024-3227.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hm57-h27x-599c #3227)
  • data/reports/GO-2024-3232.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mvp-gh77-7vwh #3232)
  • data/reports/GO-2024-3233.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762g-9p7f-mrww #3233)
  • data/reports/GO-2024-3234.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762v-rq7q-ff97 #3234)
  • data/reports/GO-2024-3235.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-g376-m3h3-mj4r #3235)
  • data/reports/GO-2024-3334.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-qqc8-rv37-79q5 #3334)
  • data/reports/GO-2024-3337.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-69pr-78gv-7c6h #3337)
  • data/reports/GO-2024-3338.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-826h-p4c3-477p #3338)
  • data/reports/GO-2024-3340.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-v647-h8jj-fw5r #3340)
  • data/reports/GO-2025-3377.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-q8fg-cp3q-5jwm #3377)
  • data/reports/GO-2025-3379.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-2549-xh72-qrpm #3379)
  • data/reports/GO-2025-3380.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7rgp-4j56-fm79 #3380)
  • data/reports/GO-2025-3392.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-5m7j-6gc4-ff5g #3392)
  • data/reports/GO-2025-3393.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-8j3q-gc9x-7972 #3393)
  • data/reports/GO-2025-3394.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-45v9-w9fh-33j6 #3394)
  • data/reports/GO-2025-3407.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w6xh-c82w-h997 #3407)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: 9.11.0-rc1+incompatible
        - fixed: 9.11.8+incompatible
        - introduced: 10.2.0-rc1+incompatible
        - fixed: 10.2.3+incompatible
        - introduced: 10.3.0-rc1+incompatible
        - fixed: 10.3.3+incompatible
        - introduced: 10.4.0-rc1+incompatible
        - fixed: 10.4.2+incompatible
      vulnerable_at: 10.4.1+incompatible
    - module: github.com/mattermost/mattermost-server/v5
      vulnerable_at: 5.39.3
    - module: github.com/mattermost/mattermost-server/v6
      vulnerable_at: 6.7.2
    - module: github.com/mattermost/mattermost/server/v8
      versions:
        - fixed: 8.0.0-20250122165010-4ed702ccff4e
summary: Mattermost allows reading arbitrary files in github.com/mattermost/mattermost-server
cves:
    - CVE-2025-20051
ghsas:
    - GHSA-v469-7wp6-7cvp
references:
    - advisory: https://github.com/advisories/GHSA-v469-7wp6-7cvp
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-20051
    - fix: https://github.com/mattermost/mattermost-plugin-boards/commit/025ce8d363a054473bc002f43f602a4032d38c06
    - fix: https://github.com/mattermost/mattermost/commit/4ed702ccff4ec3c9eff832a9b6060f9f4454141d
    - web: https://mattermost.com/security-updates
notes:
    - fix: 'github.com/mattermost/mattermost/server/v8: could not add vulnerable_at: could not find tagged version between introduced and fixed'
source:
    id: GHSA-v469-7wp6-7cvp
    created: 2025-02-24T19:05:09.40514688Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/654257 mentions this issue: data/reports: add 23 reports