x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pfw6-5rx3-xh3c

[GoVulnBot]

In GitHub Security Advisory GHSA-pfw6-5rx3-xh3c, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/mattermost/mattermost/server/v8	8.1.9	< 8.1.9

Cross references:

• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r67m-mf7v-qp7j #2182 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w496-f5qq-m58j #2183 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xvq6-h898-wcj8 #2184 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-63cv-4pc2-4fcf #2390 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9w97-9rqx-8v4j #2444 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h3gq-j7p9-x3p4 #2446 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w88v-pjr8-cmv2 #2450 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/mattermost/mattermost/server/v8
      versions:
        - fixed: 8.1.9
      packages:
        - package: github.com/mattermost/mattermost/server/v8
    - module: github.com/mattermost/mattermost/server/v8
      versions:
        - introduced: 9.2.0
          fixed: 9.2.5
      packages:
        - package: github.com/mattermost/mattermost/server/v8
    - module: github.com/mattermost/mattermost/server/v8
      versions:
        - introduced: 9.3.0
          fixed: 9.3.1
      packages:
        - package: github.com/mattermost/mattermost/server/v8
    - module: github.com/mattermost/mattermost/server/v8
      versions:
        - introduced: 9.4.0
          fixed: 9.4.2
      packages:
        - package: github.com/mattermost/mattermost/server/v8
summary: Mattermost fails to check the "invite_guest" permission
cves:
    - CVE-2024-1888
ghsas:
    - GHSA-pfw6-5rx3-xh3c
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2024-1888
    - web: https://mattermost.com/security-updates
    - advisory: https://github.com/advisories/GHSA-pfw6-5rx3-xh3c

[gopherbot]

Change https://go.dev/cl/569495 mentions this issue: data/excluded: batch add 11 excluded reports

[gopherbot]

Change https://go.dev/cl/592778 mentions this issue: data/reports: unexclude 80 reports