GHSA-7g2v-2frm-rg94

Source

https://github.com/advisories/GHSA-7g2v-2frm-rg94

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-7g2v-2frm-rg94/GHSA-7g2v-2frm-rg94.json

Aliases

Published

2023-05-12T09:30:15Z

Modified

2023-12-06T01:02:53.144803Z

Details

Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin

References

Affected packages

Go / github.com/mattermost/mattermost-server/v6

Package

Name: github.com/mattermost/mattermost-server/v6

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

7.1.8

Go / github.com/mattermost/mattermost-server/v6

Package

Name: github.com/mattermost/mattermost-server/v6

Affected ranges

Type: SEMVER
Events: Introduced

7.2.0

Fixed

7.7.4

Go / github.com/mattermost/mattermost-server/v6

Package

Name: github.com/mattermost/mattermost-server/v6

Affected ranges

Type: SEMVER
Events: Introduced

7.8.0

Fixed

7.8.3

Go / github.com/mattermost/mattermost-server/v6

Package

Name: github.com/mattermost/mattermost-server/v6

Affected ranges

Type: SEMVER
Events: Introduced

7.9.0

Fixed

7.9.2