x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-455c-vqrf-mghr

[GoVulnBot]

In GitHub Security Advisory GHSA-455c-vqrf-mghr, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/mattermost/mattermost-server/v6	7.8.5	< 7.8.5

Cross references:

• Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7ggc-5r84-xf54 #540 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-32rp-q37p-jg6w #576 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-f37q-q7p2-ccfc #595 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-fxwj-v664-wv5g #599 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-m7w4-q5vg-5xfp #1028 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-63f2-6959-2pxj #1711 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-8jhh-3jf2-pfwr #1712 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-9hj7-v56g-rhf6 #1727 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost-server/v6 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7g2v-2frm-rg94 #1778 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/mattermost/mattermost-server/v6
      versions:
        - fixed: 7.8.5
      packages:
        - package: github.com/mattermost/mattermost-server/v6
    - module: github.com/mattermost/mattermost-server/v6
      versions:
        - introduced: 7.9.0
          fixed: 7.9.4
      packages:
        - package: github.com/mattermost/mattermost-server/v6
    - module: github.com/mattermost/mattermost-server/v6
      versions:
        - introduced: TODO (earliest fixed "7.10.1", vuln range "= 7.10.0")
      packages:
        - package: github.com/mattermost/mattermost-server/v6
summary: Mattermost Server Missing Authorization vulnerability
description: |-
    Mattermost Apps Framework fails to verify that a secret provided in the incoming
    webhook request allowing an attacker to modify the contents of the post sent by
    the Apps.
cves:
    - CVE-2023-2783
ghsas:
    - GHSA-455c-vqrf-mghr
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-2783
    - web: https://mattermost.com/security-updates
    - advisory: https://github.com/advisories/GHSA-455c-vqrf-mghr

[gopherbot]

Change https://go.dev/cl/507896 mentions this issue: data/excluded: batch add 10 excluded reports

[gopherbot]

Change https://go.dev/cl/507901 mentions this issue: data/excluded: batch add 8 excluded reports

[gopherbot]

Change https://go.dev/cl/507904 mentions this issue: data/excluded: batch add 8 excluded reports