File tree 2 files changed +134
-0
lines changed
2 files changed +134
-0
lines changed Original file line number Diff line number Diff line change 1+ {
2+ "schema_version" : " 1.3.1"
3+ "id" : " GO-2024-3227"
4+ "modified" : " 0001-01-01T00:00:00Z"
5+ "published" : " 0001-01-01T00:00:00Z"
6+ "aliases" : [
7+ " CVE-2024-10214"
8+ " GHSA-hm57-h27x-599c"
9+ ],
10+ "summary" : " Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server"
11+ "details" : " Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server"
12+ "affected" : [
13+ {
14+ "package" : {
15+ "name" : " github.com/mattermost/mattermost-server"
16+ "ecosystem" : " Go"
17+ },
18+ "ranges" : [
19+ {
20+ "type" : " SEMVER"
21+ "events" : [
22+ {
23+ "introduced" : " 0"
24+ }
25+ ]
26+ }
27+ ],
28+ "ecosystem_specific" : {}
29+ },
30+ {
31+ "package" : {
32+ "name" : " github.com/mattermost/mattermost-server/v5"
33+ "ecosystem" : " Go"
34+ },
35+ "ranges" : [
36+ {
37+ "type" : " SEMVER"
38+ "events" : [
39+ {
40+ "introduced" : " 0"
41+ }
42+ ]
43+ }
44+ ],
45+ "ecosystem_specific" : {}
46+ },
47+ {
48+ "package" : {
49+ "name" : " github.com/mattermost/mattermost-server/v6"
50+ "ecosystem" : " Go"
51+ },
52+ "ranges" : [
53+ {
54+ "type" : " SEMVER"
55+ "events" : [
56+ {
57+ "introduced" : " 0"
58+ }
59+ ]
60+ }
61+ ],
62+ "ecosystem_specific" : {}
63+ },
64+ {
65+ "package" : {
66+ "name" : " github.com/mattermost/mattermost/server/v8"
67+ "ecosystem" : " Go"
68+ },
69+ "ranges" : [
70+ {
71+ "type" : " SEMVER"
72+ "events" : [
73+ {
74+ "introduced" : " 0"
75+ },
76+ {
77+ "fixed" : " 8.0.0-20240821220019-0d6b1070a26f"
78+ }
79+ ]
80+ }
81+ ],
82+ "ecosystem_specific" : {}
83+ }
84+ ],
85+ "references" : [
86+ {
87+ "type" : " ADVISORY"
88+ "url" : " https://github.com/advisories/GHSA-hm57-h27x-599c"
89+ },
90+ {
91+ "type" : " ADVISORY"
92+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2024-10214"
93+ },
94+ {
95+ "type" : " WEB"
96+ "url" : " https://github.com/mattermost/mattermost/commit/0d6b1070a26f0b9fc13f7e7fbbe18b6a31570c5a"
97+ },
98+ {
99+ "type" : " WEB"
100+ "url" : " https://mattermost.com/security-updates"
101+ }
102+ ],
103+ "database_specific" : {
104+ "url" : " https://pkg.go.dev/vuln/GO-2024-3227"
105+ "review_status" : " UNREVIEWED"
106+ }
107+ }
Original file line number Diff line number Diff line change 1+ id : GO-2024-3227
2+ modules :
3+ - module : github.com/mattermost/mattermost-server
4+ vulnerable_at : 10.1.2+incompatible
5+ - module : github.com/mattermost/mattermost-server/v5
6+ vulnerable_at : 5.39.3
7+ - module : github.com/mattermost/mattermost-server/v6
8+ vulnerable_at : 6.7.2
9+ - module : github.com/mattermost/mattermost/server/v8
10+ versions :
11+ - fixed : 8.0.0-20240821220019-0d6b1070a26f
12+ summary : Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server
13+ cves :
14+ - CVE-2024-10214
15+ ghsas :
16+ - GHSA-hm57-h27x-599c
17+ references :
18+ - advisory : https://github.com/advisories/GHSA-hm57-h27x-599c
19+ - advisory : https://nvd.nist.gov/vuln/detail/CVE-2024-10214
20+ - web : https://github.com/mattermost/mattermost/commit/0d6b1070a26f0b9fc13f7e7fbbe18b6a31570c5a
21+ - web : https://mattermost.com/security-updates
22+ notes :
23+ - fix : ' github.com/mattermost/mattermost/server/v8: could not add vulnerable_at: could not find tagged version between introduced and fixed'
24+ source :
25+ id : GHSA-hm57-h27x-599c
26+ created : 2024-10-28T20:45:59.73729002Z
27+ review_status : UNREVIEWED
You can’t perform that action at this time.
0 commit comments