GHSA-q8fg-cp3q-5jwm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-q8fg-cp3q-5jwm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-q8fg-cp3q-5jwm/GHSA-q8fg-cp3q-5jwm.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-q8fg-cp3q-5jwm
- Aliases
-
- CVE-2025-22449
- GO-2025-3377
- Published
- 2025-01-09T09:31:42Z
- Modified
- 2025-01-16T14:03:58Z
- Severity
-
- 3.8 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- Mattermost Incorrect Authorization vulnerability
- Details
-
Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allowopeninvite" field via making their team public.
- Database specific
{ "nvd_published_at": "2025-01-09T07:15:28Z", "cwe_ids": [ "CWE-863" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2025-01-09T17:37:53Z" }- References
Affected packages
Go / github.com/mattermost/mattermost/server/v8
Package
- Name
- github.com/mattermost/mattermost/server/v8
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/mattermost/mattermost/server/v8
Go / github.com/mattermost/mattermost/server/v8
Package
- Name
- github.com/mattermost/mattermost/server/v8
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/mattermost/mattermost/server/v8