Skip to content

x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-32rp-q37p-jg6w #576

New issue
New issue
Closed
Closed
x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-32rp-q37p-jg6w#576
Assignees
rolandshoemaker
Labels
excluded: EFFECTIVELY_PRIVATEThis vulnerability exists in a package can be imported, but isn't meant to be outside that module.
@julieqiu

Description

@julieqiu
julieqiu
opened on Aug 1, 2022

In GitHub Security Advisory GHSA-32rp-q37p-jg6w, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
github.com/mattermost/mattermost-server/v6 6.5.0 >= 6.4.0, < 6.5.0

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: github.com/mattermost/mattermost-server/v6
    versions:
      - introduced: 6.4.0
        fixed: 6.5.0
description: Mattermost version 6.4.x and earlier fails to properly check the plugin
    version when a plugin is installed from the Marketplace, which allows an authenticated
    and an authorized user to install and exploit an old plugin version from the Marketplace
    which might have known vulnerabilities.
published: 2022-04-20T00:00:30Z
last_modified: 2022-04-28T21:12:16Z
cves:
  - CVE-2022-1384
ghsas:
  - GHSA-32rp-q37p-jg6w
links:
    context:
      - https://github.com/advisories/GHSA-32rp-q37p-jg6w

Metadata

Metadata

Assignees

Labels

excluded: EFFECTIVELY_PRIVATEThis vulnerability exists in a package can be imported, but isn't meant to be outside that module.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions