-
Notifications
You must be signed in to change notification settings - Fork 347
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
ad8885d
commit c912bd4
Showing
2 changed files
with
125 additions
and
38 deletions.
There are no files selected for viewing
125 changes: 125 additions & 0 deletions
125
advisories/github-reviewed/2024/08/GHSA-762m-4cx6-6mf4/GHSA-762m-4cx6-6mf4.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,125 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-762m-4cx6-6mf4", | ||
| "modified": "2024-08-01T23:07:42Z", | ||
| "published": "2024-08-01T15:32:23Z", | ||
| "aliases": [ | ||
| "CVE-2024-39832" | ||
| ], | ||
| "summary": "Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling", | ||
| "details": "Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly safeguard an error handling which allows a malicious remote to permanently delete local data by abusing dangerous error handling, when share channels were enabled.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H" | ||
| } | ||
| ], | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "ecosystem": "Go", | ||
| "name": "github.com/mattermost/mattermost/server/v8" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "9.5.0" | ||
| }, | ||
| { | ||
| "fixed": "9.5.7" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "package": { | ||
| "ecosystem": "Go", | ||
| "name": "github.com/mattermost/mattermost/server/v8" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "9.7.0" | ||
| }, | ||
| { | ||
| "fixed": "9.7.6" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "package": { | ||
| "ecosystem": "Go", | ||
| "name": "github.com/mattermost/mattermost/server/v8" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "9.8.0" | ||
| }, | ||
| { | ||
| "fixed": "9.8.2" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "package": { | ||
| "ecosystem": "Go", | ||
| "name": "github.com/mattermost/mattermost/server/v8" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "9.9.0" | ||
| }, | ||
| { | ||
| "fixed": "9.9.1" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "versions": [ | ||
| "9.9.0" | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39832" | ||
| }, | ||
| { | ||
| "type": "PACKAGE", | ||
| "url": "https://github.com/mattermost/mattermost" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://mattermost.com/security-updates" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-754" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": true, | ||
| "github_reviewed_at": "2024-08-01T23:07:42Z", | ||
| "nvd_published_at": "2024-08-01T15:15:12Z" | ||
| } | ||
| } |
38 changes: 0 additions & 38 deletions
38
advisories/unreviewed/2024/08/GHSA-762m-4cx6-6mf4/GHSA-762m-4cx6-6mf4.json
This file was deleted.
Oops, something went wrong.