GHSA-vvpg-55p7-5h8w

Source

https://github.com/advisories/GHSA-vvpg-55p7-5h8w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-vvpg-55p7-5h8w/GHSA-vvpg-55p7-5h8w.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-vvpg-55p7-5h8w

Aliases

Published

2024-08-01T15:32:23Z

Modified

2025-07-25T15:45:57Z

Severity

3.8 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Mattermost did not properly restrict channel creation

Details

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled.

Database specific

{
    "cwe_ids": [
        "CWE-284"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2024-08-01T15:15:12Z",
    "severity": "LOW",
    "github_reviewed_at": "2024-08-02T13:29:46Z"
}

References

Affected packages

Go

github.com/mattermost/mattermost/server/v8

Package

Name: github.com/mattermost/mattermost/server/v8; View open source insights on deps.dev
Purl: pkg:golang/github.com/mattermost/mattermost/server/v8

Affected ranges

Type: SEMVER
Events: Introduced

9.5.0

Fixed

9.5.7

github.com/mattermost/mattermost/server/v8

Package

Name: github.com/mattermost/mattermost/server/v8; View open source insights on deps.dev
Purl: pkg:golang/github.com/mattermost/mattermost/server/v8

Affected ranges

Type: SEMVER
Events: Introduced

9.9.0

Fixed

9.9.1

Affected versions

9.*

9.9.0

github.com/mattermost/mattermost/server/v8

Package

Name: github.com/mattermost/mattermost/server/v8; View open source insights on deps.dev
Purl: pkg:golang/github.com/mattermost/mattermost/server/v8

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.0-20240626164322-c758cecaf30c

github.com/mattermost/mattermost-server

Package

Name: github.com/mattermost/mattermost-server; View open source insights on deps.dev
Purl: pkg:golang/github.com/mattermost/mattermost-server

Affected ranges

Type: SEMVER
Events: Introduced

9.9.0

Fixed

9.9.1

Affected versions

9.*

9.9.0

github.com/mattermost/mattermost-server/v5

Package

Name: github.com/mattermost/mattermost-server/v5; View open source insights on deps.dev
Purl: pkg:golang/github.com/mattermost/mattermost-server/v5

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.3.2-0.20240626164322-c758cecaf30c

github.com/mattermost/mattermost-server/v6

Package

Name: github.com/mattermost/mattermost-server/v6; View open source insights on deps.dev
Purl: pkg:golang/github.com/mattermost/mattermost-server/v6

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.0-20240626164322-c758cecaf30c

github.com/mattermost/mattermost-server

Package

Name: github.com/mattermost/mattermost-server; View open source insights on deps.dev
Purl: pkg:golang/github.com/mattermost/mattermost-server

Affected ranges

Type: SEMVER
Events: Introduced

9.5.0

Fixed

9.5.7