x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-3vcm-c42p-3hhf

[GoVulnBot]

Advisory GHSA-3vcm-c42p-3hhf references a vulnerability in the following Go modules:

Module
github.com/mattermost/mattermost-server

Description:
Mattermost versions 10.10.x <= 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instances with shared channels enabled.

References:

• ADVISORY: GHSA-3vcm-c42p-3hhf
• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-9076
• WEB: https://mattermost.com/security-updates

Cross references:

• github.com/mattermost/mattermost-server appears in 128 other report(s):
  • data/excluded/GO-2022-0601.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-gwpf-95jc-63rv #601) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2022-1126.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5jph-wrq7-v9hf #1126) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2022-1127.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-v42f-hq78-8c5m #1127) EFFECTIVELY_PRIVATE
  • data/excluded/GO-2023-1710.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-3wq5-3f56-v5xc #1710) EFFECTIVELY_PRIVATE
  • data/reports/GO-2022-0540.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7ggc-5r84-xf54 #540)
  • data/reports/GO-2022-0576.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-32rp-q37p-jg6w #576)
  • data/reports/GO-2022-0595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-f37q-q7p2-ccfc #595)
  • data/reports/GO-2022-0599.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-fxwj-v664-wv5g #599)
  • data/reports/GO-2022-0604.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-hv5f-73mr-7vvj #604)
  • data/reports/GO-2022-0616.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-qggc-pj29-j27m #616)
  • data/reports/GO-2023-1939.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost: GHSA-j2h2-cvwh-cr64 #1939)
  • data/reports/GO-2024-2444.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9w97-9rqx-8v4j #2444)
  • data/reports/GO-2024-2446.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h3gq-j7p9-x3p4 #2446)
  • data/reports/GO-2024-2448.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-q7rx-w656-fwmv #2448)
  • data/reports/GO-2024-2450.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w88v-pjr8-cmv2 #2450)
  • data/reports/GO-2024-2541.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-32h7-7j94-8fc2 #2541)
  • data/reports/GO-2024-2566.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r833-w756-h5p2 #2566)
  • data/reports/GO-2024-2588.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3g35-v53r-gpxc #2588)
  • data/reports/GO-2024-2589.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mx3-9qfh-77gj #2589)
  • data/reports/GO-2024-2590.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7v3v-984v-h74r #2590)
  • data/reports/GO-2024-2591.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fx48-xv6q-6gp3 #2591)
  • data/reports/GO-2024-2592.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hwjf-4667-gqwx #2592)
  • data/reports/GO-2024-2593.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pfw6-5rx3-xh3c #2593)
  • data/reports/GO-2024-2594.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vm9m-57jr-4pxh #2594)
  • data/reports/GO-2024-2595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xgxj-j98c-59rv #2595)
  • data/reports/GO-2024-2635.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r4fm-g65h-cr54 #2635)
  • data/reports/GO-2024-2695.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mcw6-3256-64gg #2695)
  • data/reports/GO-2024-2696.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wp43-vprh-c3w5 #2696)
  • data/reports/GO-2024-2706.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w67v-ph4x-f48q #2706)
  • data/reports/GO-2024-2707.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xp9j-8p68-9q93 #2707)
  • data/reports/GO-2024-2793.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5fh7-7mw7-mmx5 #2793)
  • data/reports/GO-2024-2794.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5qx9-9ffj-5r8f #2794)
  • data/reports/GO-2024-2795.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-8f99-g2pj-x8w3 #2795)
  • data/reports/GO-2024-2796.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-p2wq-4ggp-45f3 #2796)
  • data/reports/GO-2024-2797.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-vx97-8q8q-qgq5 #2797)
  • data/reports/GO-2024-2798.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-wj37-mpq9-xrcm #2798)
  • data/reports/GO-2024-3020.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762m-4cx6-6mf4 #3020)
  • data/reports/GO-2024-3022.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9fpw-c9x7-cv3j #3022)
  • data/reports/GO-2024-3023.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg67-chm7-8m3j #3023)
  • data/reports/GO-2024-3024.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg6q-84p8-qvqh #3024)
  • data/reports/GO-2024-3025.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-56mc-f9w7-2wxq #3025)
  • data/reports/GO-2024-3028.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-cmc8-222c-vqp9 #3028)
  • data/reports/GO-2024-3030.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jq3g-xqpx-37x3 #3030)
  • data/reports/GO-2024-3031.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jr9x-3x7m-4j75 #3031)
  • data/reports/GO-2024-3032.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vvpg-55p7-5h8w #3032)
  • data/reports/GO-2024-3089.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-2jhx-w3vc-w59g #3089)
  • data/reports/GO-2024-3090.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3j95-8g47-fpwh #3090)
  • data/reports/GO-2024-3091.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fxq9-6946-34q7 #3091)
  • data/reports/GO-2024-3092.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-q22q-2rrf-m27p #3092)
  • data/reports/GO-2024-3093.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-4ww8-fprq-cq34 #3093)
  • data/reports/GO-2024-3094.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-5263-pm2h-m7hw #3094)
  • data/reports/GO-2024-3096.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-c6vp-jjgv-38wj #3096)
  • data/reports/GO-2024-3097.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hrf9-rm95-fpf3 #3097)
  • data/reports/GO-2024-3164.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-59hf-mpf8-pqjh #3164)
  • data/reports/GO-2024-3227.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hm57-h27x-599c #3227)
  • data/reports/GO-2024-3232.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mvp-gh77-7vwh #3232)
  • data/reports/GO-2024-3233.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762g-9p7f-mrww #3233)
  • data/reports/GO-2024-3234.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762v-rq7q-ff97 #3234)
  • data/reports/GO-2024-3235.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-g376-m3h3-mj4r #3235)
  • data/reports/GO-2024-3334.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-qqc8-rv37-79q5 #3334)
  • data/reports/GO-2024-3337.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-69pr-78gv-7c6h #3337)
  • data/reports/GO-2024-3338.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-826h-p4c3-477p #3338)
  • data/reports/GO-2024-3340.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-v647-h8jj-fw5r #3340)
  • data/reports/GO-2025-3377.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-q8fg-cp3q-5jwm #3377)
  • data/reports/GO-2025-3379.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-2549-xh72-qrpm #3379)
  • data/reports/GO-2025-3380.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7rgp-4j56-fm79 #3380)
  • data/reports/GO-2025-3392.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-5m7j-6gc4-ff5g #3392)
  • data/reports/GO-2025-3393.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-8j3q-gc9x-7972 #3393)
  • data/reports/GO-2025-3394.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-45v9-w9fh-33j6 #3394)
  • data/reports/GO-2025-3407.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w6xh-c82w-h997 #3407)
  • data/reports/GO-2025-3480.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-5fwx-p6xh-vjrh #3480)
  • data/reports/GO-2025-3481.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-q8p2-2hwc-jw64 #3481)
  • data/reports/GO-2025-3482.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-rhvr-6w8c-6v7w #3482)
  • data/reports/GO-2025-3483.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-v469-7wp6-7cvp #3483)
  • data/reports/GO-2025-3534.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-fqrq-xmxj-v47x #3534)
  • data/reports/GO-2025-3549.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3gpx-p63p-pr5r #3549)
  • data/reports/GO-2025-3550.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-4v65-xqcj-wpgg #3550)
  • data/reports/GO-2025-3551.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-72qv-j8vr-xvfv #3551)
  • data/reports/GO-2025-3552.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-rp74-x43m-cpw3 #3552)
  • data/reports/GO-2025-3555.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-cw7q-5cgc-h3h9 #3555)
  • data/reports/GO-2025-3556.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h5v9-xw2g-7hrq #3556)
  • data/reports/GO-2025-3604.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xfq9-hh5x-xfq9 #3604)
  • data/reports/GO-2025-3609.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-322v-vh2g-qvpv #3609)
  • data/reports/GO-2025-3610.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6rqh-8465-2xcw #3610)
  • data/reports/GO-2025-3611.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wwhj-pw6h-f8hw #3611)
  • data/reports/GO-2025-3618.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-plugin-msteams: GHSA-2j87-p623-8cc2 #3618)
  • data/reports/GO-2025-3619.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h4rr-f37j-4hh7 #3619)
  • data/reports/GO-2025-3620.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-j5jw-m2ph-3jjf #3620)
  • data/reports/GO-2025-3621.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-j639-m367-75cf #3621)
  • data/reports/GO-2025-3622.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9h6j-4ffx-cm84 #3622)
  • data/reports/GO-2025-3623.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mj2p-v2c2-vh4v #3623)
  • data/reports/GO-2025-3642.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-plugin-playbooks: GHSA-3g36-gf7c-75qw #3642)
  • data/reports/GO-2025-3642.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-plugin-playbooks: GHSA-3g36-gf7c-75qw #3642)
  • data/reports/GO-2025-3642.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-plugin-playbooks: GHSA-3g36-gf7c-75qw #3642)
  • data/reports/GO-2025-3643.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-plugin-playbooks: GHSA-689c-xq7x-xjwf #3643)
  • data/reports/GO-2025-3643.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-plugin-playbooks: GHSA-689c-xq7x-xjwf #3643)
  • data/reports/GO-2025-3643.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-plugin-playbooks: GHSA-689c-xq7x-xjwf #3643)
  • data/reports/GO-2025-3644.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fr22-5377-f3p7 #3644)
  • data/reports/GO-2025-3644.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fr22-5377-f3p7 #3644)
  • data/reports/GO-2025-3644.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fr22-5377-f3p7 #3644)
  • data/reports/GO-2025-3691.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h356-3mfw-x368 #3691)
  • data/reports/GO-2025-3692.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-qgwx-rffp-6cx9 #3692)
  • data/reports/GO-2025-3693.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r7r2-m3vr-c8qc #3693)
  • data/reports/GO-2025-3694.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fpff-wj6m-grvr #3694)
  • data/reports/GO-2025-3724.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-4mmr-2w8p-whcr #3724)
  • data/reports/GO-2025-3728.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-86jg-35xj-3vv5 #3728)
  • data/reports/GO-2025-3729.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-8cgx-9ccj-3gwr #3729)
  • data/reports/GO-2025-3730.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hc6v-386m-93pq #3730)
  • data/reports/GO-2025-3731.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mc2f-jgj6-6cp3 #3731)
  • data/reports/GO-2025-3756.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-4r67-4x4p-fprg #3756)
  • data/reports/GO-2025-3757.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-jwhw-xf5v-qgxc #3757)
  • data/reports/GO-2025-3769.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-qh58-9v3j-wcjc #3769)
  • data/reports/GO-2025-3771.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-4578-6gjh-f2jm #3771)
  • data/reports/GO-2025-3772.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-qwwm-c582-82rx #3772)
  • data/reports/GO-2025-3796.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-v8fr-vxmw-6mf6 #3796)
  • data/reports/GO-2025-3797.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wgvp-jj4w-88hf #3797)
  • data/reports/GO-2025-3818.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-4fwj-8595-wp25 #3818)
  • data/reports/GO-2025-3819.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7h34-9chr-58qh #3819)
  • data/reports/GO-2025-3820.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wvw2-3jh4-4c39 #3820)
  • data/reports/GO-2025-3901.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-gq3r-5833-5532 #3901)
  • data/reports/GO-2025-3902.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-4276-cm8c-788h #3902)
  • data/reports/GO-2025-3903.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pwvr-grqg-7vp2 #3903)
  • data/reports/GO-2025-3904.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-q453-638c-h4mr #3904)
  • data/reports/GO-2025-3905.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-qj47-w9f2-qg44 #3905)
  • data/reports/GO-2025-3906.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vqwh-5jhh-vc9p #3906)
  • data/reports/GO-2025-3907.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-x67c-v8jr-p29r #3907)
  • data/reports/GO-2025-3910.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pj6f-rc94-gw53 #3910)
  • data/reports/GO-2025-3911.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-h469-4fcf-p23h #3911)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/mattermost/mattermost-server
      versions:
        - introduced: 10.10.0+incompatible
        - fixed: 10.10.2+incompatible
      non_go_versions:
        - fixed: 8.0.0-20250729073403-517ae758cd02
      vulnerable_at: 10.10.2-rc4+incompatible
summary: Mattermost Missing Authorization vulnerability in github.com/mattermost/mattermost-server
cves:
    - CVE-2025-9076
ghsas:
    - GHSA-3vcm-c42p-3hhf
references:
    - advisory: https://github.com/advisories/GHSA-3vcm-c42p-3hhf
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-9076
    - web: https://mattermost.com/security-updates
source:
    id: GHSA-3vcm-c42p-3hhf
    created: 2025-09-15T21:01:36.935026794Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/704637 mentions this issue: data/reports: add 17 reports