x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-63f2-6959-2pxj #1711
Description
In GitHub Security Advisory GHSA-63f2-6959-2pxj, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/mattermost/mattermost-server/v6 | 7.1.6 | >= 3.3.0, <= 4.10.10 |
Cross references:
- Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7ggc-5r84-xf54 #540 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-32rp-q37p-jg6w #576 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-f37q-q7p2-ccfc #595 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-fxwj-v664-wv5g #599 EFFECTIVELY_PRIVATE
- Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-m7w4-q5vg-5xfp #1028 EFFECTIVELY_PRIVATE
See doc/triage.md for instructions on how to triage this report.
modules:
- module: github.com/mattermost/mattermost-server/v6
versions:
- introduced: TODO (earliest fixed "7.1.6", vuln range ">= 3.3.0, <= 4.10.10")
packages:
- package: github.com/mattermost/mattermost-server/v6
- module: github.com/mattermost/mattermost-server/v6
versions:
- introduced: TODO (earliest fixed "7.1.6", vuln range ">= 5.0.0, <= 5.39.3")
packages:
- package: github.com/mattermost/mattermost-server/v5
- module: github.com/mattermost/mattermost-server/v6
versions:
- introduced: TODO (earliest fixed "7.8.1", vuln range "= 7.8.0")
packages:
- package: github.com/mattermost/mattermost-server
- module: github.com/mattermost/mattermost-server/v6
versions:
- introduced: TODO (earliest fixed "7.1.6", vuln range ">= 7.1.0, <= 7.1.5")
packages:
- package: github.com/mattermost/mattermost-server
- module: github.com/mattermost/mattermost-server/v6
versions:
- introduced: TODO (earliest fixed "7.7.2", vuln range ">= 7.7.0, <= 7.7.1")
packages:
- package: github.com/mattermost/mattermost-server
- module: github.com/mattermost/mattermost-server/v6
versions:
- introduced: TODO (earliest fixed "7.1.6", vuln range ">= 6.0.0, <= 6.7.2")
packages:
- package: github.com/mattermost/mattermost-server/v6
summary: Mattermost vulnerable to cross-site scripting (XSS)
description: "Boards in Mattermost allows an attacker to upload a malicious SVG image
file as an attachment to a card and share it using a direct link to the file.
\n\n[Issue Identifier](https://mattermost.com/security-updates/): MMSA-2023-00139"
cves:
- CVE-2023-1776
ghsas:
- GHSA-63f2-6959-2pxj
references:
- web: https://nvd.nist.gov/vuln/detail/CVE-2023-1776
- web: https://mattermost.com/security-updates/
- advisory: https://github.com/advisories/GHSA-63f2-6959-2pxj