x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w67v-ph4x-f48q

[GoVulnBot]

In GitHub Security Advisory GHSA-w67v-ph4x-f48q, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/mattermost/mattermost/server/v8	9.3.3	>= 9.3.0, < 9.3.3

Cross references:

• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r67m-mf7v-qp7j #2182 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w496-f5qq-m58j #2183 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xvq6-h898-wcj8 #2184 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-63cv-4pc2-4fcf #2390 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9w97-9rqx-8v4j #2444 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h3gq-j7p9-x3p4 #2446 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w88v-pjr8-cmv2 #2450 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-32h7-7j94-8fc2 #2541 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3g35-v53r-gpxc #2588 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mx3-9qfh-77gj #2589 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7v3v-984v-h74r #2590 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fx48-xv6q-6gp3 #2591 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hwjf-4667-gqwx #2592 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pfw6-5rx3-xh3c #2593 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vm9m-57jr-4pxh #2594 EFFECTIVELY_PRIVATE
• Module github.com/mattermost/mattermost/server/v8 appears in issue x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xgxj-j98c-59rv #2595 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/mattermost/mattermost/server/v8
      versions:
        - introduced: 9.3.0
          fixed: 9.3.3
      packages:
        - package: github.com/mattermost/mattermost/server/v8
    - module: github.com/mattermost/mattermost/server/v8
      versions:
        - introduced: 9.4.0
          fixed: 9.4.4
      packages:
        - package: github.com/mattermost/mattermost/server/v8
    - module: github.com/mattermost/mattermost/server/v8
      versions:
        - introduced: 9.5.0
          fixed: 9.5.2
      packages:
        - package: github.com/mattermost/mattermost/server/v8
    - module: github.com/mattermost/mattermost/server/v8
      versions:
        - introduced: 8.1.0
          fixed: 8.1.11
      packages:
        - package: github.com/mattermost/mattermost/server/v8
summary: Mattermost Server Improper Access Control
cves:
    - CVE-2024-29221
ghsas:
    - GHSA-w67v-ph4x-f48q
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2024-29221
    - web: https://mattermost.com/security-updates
    - fix: https://github.com/mattermost/mattermost/commit/0dc03fbc6e3c9afb14137e72ab3fa6f5a0125b9c
    - fix: https://github.com/mattermost/mattermost/commit/5cce9fed7363386afebd81a58fb5fab7d2729c8f
    - fix: https://github.com/mattermost/mattermost/commit/a5784f34ba6592c6454b8742f24af9d06279e347
    - fix: https://github.com/mattermost/mattermost/commit/dd3fe2991a70a41790d6bef5d31afc5957525f3c
    - advisory: https://github.com/advisories/GHSA-w67v-ph4x-f48q

[gopherbot]

Change https://go.dev/cl/590278 mentions this issue: data/reports: add 48 unreviewed reports