x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7ggc-5r84-xf54 #540
Description
In GitHub Security Advisory GHSA-7ggc-5r84-xf54, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/mattermost/mattermost-server/v6 | 6.7.1 | = 6.7.0 |
See doc/triage.md for instructions on how to triage this report.
packages:
- package: github.com/mattermost/mattermost-server/v6
versions:
- introduced: TODO (earliest fixed "6.7.1", vuln range "= 6.7.0")
- package: github.com/mattermost/mattermost-server/v6
versions:
- introduced: 6.6.0
fixed: 6.6.2
- package: github.com/mattermost/mattermost-server/v6
versions:
- introduced: 6.4.0
fixed: 6.5.2
- package: github.com/mattermost/mattermost-server/v6
versions:
- fixed: 6.3.9
description: Unrestricted information disclosure of all users in Mattermost version
6.7.0 and earlier allows team members to access some sensitive information by
directly accessing the APIs.
published: 2022-07-15T00:00:16Z
last_modified: 2022-07-21T22:35:35Z
cves:
- CVE-2022-2401
ghsas:
- GHSA-7ggc-5r84-xf54
links:
context:
- https://github.com/advisories/GHSA-7ggc-5r84-xf54