x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-8qg8-c7mw-6fj7 #4148
Description
Advisory GHSA-8qg8-c7mw-6fj7 references a vulnerability in the following Go modules:
| Module |
|---|
| github.com/mattermost/mattermost-server |
Description:
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.
References:
- ADVISORY: GHSA-8qg8-c7mw-6fj7
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2017-18874
- FIX: mattermost/mattermost@6be8113
- FIX: mattermost/mattermost@6d3cb2c
- FIX: mattermost/mattermost@fadd951
- WEB: https://mattermost.com/security-updates
Cross references:
- github.com/mattermost/mattermost-server appears in 167 other report(s):
- data/excluded/GO-2022-0601.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-gwpf-95jc-63rv #601) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-1126.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5jph-wrq7-v9hf #1126) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-1127.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-v42f-hq78-8c5m #1127) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1710.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-3wq5-3f56-v5xc #1710) EFFECTIVELY_PRIVATE
- data/reports/GO-2022-0540.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-7ggc-5r84-xf54 #540)
- data/reports/GO-2022-0576.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-32rp-q37p-jg6w #576)
- data/reports/GO-2022-0595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-f37q-q7p2-ccfc #595)
- data/reports/GO-2022-0599.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-fxwj-v664-wv5g #599)
- data/reports/GO-2022-0604.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-hv5f-73mr-7vvj #604)
- data/reports/GO-2022-0616.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v5: GHSA-qggc-pj29-j27m #616)
- data/reports/GO-2023-1939.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost: GHSA-j2h2-cvwh-cr64 #1939)
- data/reports/GO-2024-2444.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9w97-9rqx-8v4j #2444)
- data/reports/GO-2024-2446.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h3gq-j7p9-x3p4 #2446)
- data/reports/GO-2024-2448.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-q7rx-w656-fwmv #2448)
- data/reports/GO-2024-2450.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w88v-pjr8-cmv2 #2450)
- data/reports/GO-2024-2541.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-32h7-7j94-8fc2 #2541)
- data/reports/GO-2024-2566.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r833-w756-h5p2 #2566)
- data/reports/GO-2024-2588.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3g35-v53r-gpxc #2588)
- data/reports/GO-2024-2589.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mx3-9qfh-77gj #2589)
- data/reports/GO-2024-2590.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7v3v-984v-h74r #2590)
- data/reports/GO-2024-2591.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fx48-xv6q-6gp3 #2591)
- data/reports/GO-2024-2592.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hwjf-4667-gqwx #2592)
- data/reports/GO-2024-2593.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pfw6-5rx3-xh3c #2593)
- data/reports/GO-2024-2594.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vm9m-57jr-4pxh #2594)
- data/reports/GO-2024-2595.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xgxj-j98c-59rv #2595)
- data/reports/GO-2024-2635.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r4fm-g65h-cr54 #2635)
- data/reports/GO-2024-2695.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mcw6-3256-64gg #2695)
- data/reports/GO-2024-2696.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wp43-vprh-c3w5 #2696)
- data/reports/GO-2024-2706.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w67v-ph4x-f48q #2706)
- data/reports/GO-2024-2707.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xp9j-8p68-9q93 #2707)
- data/reports/GO-2024-2793.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5fh7-7mw7-mmx5 #2793)
- data/reports/GO-2024-2794.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5qx9-9ffj-5r8f #2794)
- data/reports/GO-2024-2795.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-8f99-g2pj-x8w3 #2795)
- data/reports/GO-2024-2796.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-p2wq-4ggp-45f3 #2796)
- data/reports/GO-2024-2797.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-vx97-8q8q-qgq5 #2797)
- data/reports/GO-2024-2798.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-wj37-mpq9-xrcm #2798)
- data/reports/GO-2024-3020.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762m-4cx6-6mf4 #3020)
- data/reports/GO-2024-3022.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9fpw-c9x7-cv3j #3022)
- data/reports/GO-2024-3023.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg67-chm7-8m3j #3023)
- data/reports/GO-2024-3024.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vg6q-84p8-qvqh #3024)
- data/reports/GO-2024-3025.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-56mc-f9w7-2wxq #3025)
- data/reports/GO-2024-3028.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-cmc8-222c-vqp9 #3028)
- data/reports/GO-2024-3030.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jq3g-xqpx-37x3 #3030)
- data/reports/GO-2024-3031.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-jr9x-3x7m-4j75 #3031)
- data/reports/GO-2024-3032.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vvpg-55p7-5h8w #3032)
- data/reports/GO-2024-3089.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-2jhx-w3vc-w59g #3089)
- data/reports/GO-2024-3090.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3j95-8g47-fpwh #3090)
- data/reports/GO-2024-3091.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fxq9-6946-34q7 #3091)
- data/reports/GO-2024-3092.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-q22q-2rrf-m27p #3092)
- data/reports/GO-2024-3093.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-4ww8-fprq-cq34 #3093)
- data/reports/GO-2024-3094.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-5263-pm2h-m7hw #3094)
- data/reports/GO-2024-3096.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-c6vp-jjgv-38wj #3096)
- data/reports/GO-2024-3097.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hrf9-rm95-fpf3 #3097)
- data/reports/GO-2024-3164.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-59hf-mpf8-pqjh #3164)
- data/reports/GO-2024-3227.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hm57-h27x-599c #3227)
- data/reports/GO-2024-3232.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6mvp-gh77-7vwh #3232)
- data/reports/GO-2024-3233.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762g-9p7f-mrww #3233)
- data/reports/GO-2024-3234.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-762v-rq7q-ff97 #3234)
- data/reports/GO-2024-3235.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-g376-m3h3-mj4r #3235)
- data/reports/GO-2024-3334.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-qqc8-rv37-79q5 #3334)
- data/reports/GO-2024-3337.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-69pr-78gv-7c6h #3337)
- data/reports/GO-2024-3338.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-826h-p4c3-477p #3338)
- data/reports/GO-2024-3340.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-v647-h8jj-fw5r #3340)
- data/reports/GO-2025-3377.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-q8fg-cp3q-5jwm #3377)
- data/reports/GO-2025-3379.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-2549-xh72-qrpm #3379)
- data/reports/GO-2025-3380.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7rgp-4j56-fm79 #3380)
- data/reports/GO-2025-3392.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-5m7j-6gc4-ff5g #3392)
- data/reports/GO-2025-3393.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-8j3q-gc9x-7972 #3393)
- data/reports/GO-2025-3394.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-45v9-w9fh-33j6 #3394)
- data/reports/GO-2025-3407.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-w6xh-c82w-h997 #3407)
- data/reports/GO-2025-3480.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-5fwx-p6xh-vjrh #3480)
- data/reports/GO-2025-3481.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-q8p2-2hwc-jw64 #3481)
- data/reports/GO-2025-3482.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-rhvr-6w8c-6v7w #3482)
- data/reports/GO-2025-3483.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-v469-7wp6-7cvp #3483)
- data/reports/GO-2025-3534.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-fqrq-xmxj-v47x #3534)
- data/reports/GO-2025-3549.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-3gpx-p63p-pr5r #3549)
- data/reports/GO-2025-3550.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-4v65-xqcj-wpgg #3550)
- data/reports/GO-2025-3551.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-72qv-j8vr-xvfv #3551)
- data/reports/GO-2025-3552.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-rp74-x43m-cpw3 #3552)
- data/reports/GO-2025-3555.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-cw7q-5cgc-h3h9 #3555)
- data/reports/GO-2025-3556.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h5v9-xw2g-7hrq #3556)
- data/reports/GO-2025-3604.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xfq9-hh5x-xfq9 #3604)
- data/reports/GO-2025-3609.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-322v-vh2g-qvpv #3609)
- data/reports/GO-2025-3610.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-6rqh-8465-2xcw #3610)
- data/reports/GO-2025-3611.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wwhj-pw6h-f8hw #3611)
- data/reports/GO-2025-3618.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-plugin-msteams: GHSA-2j87-p623-8cc2 #3618)
- data/reports/GO-2025-3619.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h4rr-f37j-4hh7 #3619)
- data/reports/GO-2025-3620.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-j5jw-m2ph-3jjf #3620)
- data/reports/GO-2025-3621.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-j639-m367-75cf #3621)
- data/reports/GO-2025-3622.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9h6j-4ffx-cm84 #3622)
- data/reports/GO-2025-3623.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mj2p-v2c2-vh4v #3623)
- data/reports/GO-2025-3642.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-plugin-playbooks: GHSA-3g36-gf7c-75qw #3642)
- data/reports/GO-2025-3642.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-plugin-playbooks: GHSA-3g36-gf7c-75qw #3642)
- data/reports/GO-2025-3642.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-plugin-playbooks: GHSA-3g36-gf7c-75qw #3642)
- data/reports/GO-2025-3643.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-plugin-playbooks: GHSA-689c-xq7x-xjwf #3643)
- data/reports/GO-2025-3643.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-plugin-playbooks: GHSA-689c-xq7x-xjwf #3643)
- data/reports/GO-2025-3643.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-plugin-playbooks: GHSA-689c-xq7x-xjwf #3643)
- data/reports/GO-2025-3644.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fr22-5377-f3p7 #3644)
- data/reports/GO-2025-3644.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fr22-5377-f3p7 #3644)
- data/reports/GO-2025-3644.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fr22-5377-f3p7 #3644)
- data/reports/GO-2025-3691.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-h356-3mfw-x368 #3691)
- data/reports/GO-2025-3692.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-qgwx-rffp-6cx9 #3692)
- data/reports/GO-2025-3693.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-r7r2-m3vr-c8qc #3693)
- data/reports/GO-2025-3694.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-fpff-wj6m-grvr #3694)
- data/reports/GO-2025-3724.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-4mmr-2w8p-whcr #3724)
- data/reports/GO-2025-3728.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-86jg-35xj-3vv5 #3728)
- data/reports/GO-2025-3729.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-8cgx-9ccj-3gwr #3729)
- data/reports/GO-2025-3730.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-hc6v-386m-93pq #3730)
- data/reports/GO-2025-3731.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mc2f-jgj6-6cp3 #3731)
- data/reports/GO-2025-3756.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-4r67-4x4p-fprg #3756)
- data/reports/GO-2025-3757.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-jwhw-xf5v-qgxc #3757)
- data/reports/GO-2025-3769.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-qh58-9v3j-wcjc #3769)
- data/reports/GO-2025-3771.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-4578-6gjh-f2jm #3771)
- data/reports/GO-2025-3772.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-qwwm-c582-82rx #3772)
- data/reports/GO-2025-3796.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-v8fr-vxmw-6mf6 #3796)
- data/reports/GO-2025-3797.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wgvp-jj4w-88hf #3797)
- data/reports/GO-2025-3818.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-4fwj-8595-wp25 #3818)
- data/reports/GO-2025-3819.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-7h34-9chr-58qh #3819)
- data/reports/GO-2025-3820.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-wvw2-3jh4-4c39 #3820)
- data/reports/GO-2025-3901.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-gq3r-5833-5532 #3901)
- data/reports/GO-2025-3902.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-4276-cm8c-788h #3902)
- data/reports/GO-2025-3903.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pwvr-grqg-7vp2 #3903)
- data/reports/GO-2025-3904.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-q453-638c-h4mr #3904)
- data/reports/GO-2025-3905.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-qj47-w9f2-qg44 #3905)
- data/reports/GO-2025-3906.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-vqwh-5jhh-vc9p #3906)
- data/reports/GO-2025-3907.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-x67c-v8jr-p29r #3907)
- data/reports/GO-2025-3910.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-pj6f-rc94-gw53 #3910)
- data/reports/GO-2025-3911.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-h469-4fcf-p23h #3911)
- data/reports/GO-2025-3950.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-3vcm-c42p-3hhf #3950)
- data/reports/GO-2025-3958.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-69j8-prx2-vx98 #3958)
- data/reports/GO-2025-3959.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-9p92-x77w-9fw2 #3959)
- data/reports/GO-2025-3960.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-hm95-jx66-g2gh #3960)
- data/reports/GO-2025-3977.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-qx3f-6vq3-8j8m #3977)
- data/reports/GO-2025-3978.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-f72g-52v7-mg3p #3978)
- data/reports/GO-2025-4029.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-3q4q-wqm6-hvf3 #4029)
- data/reports/GO-2025-4030.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-424h-xj87-m937 #4030)
- data/reports/GO-2025-4031.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-7cr3-38jm-6p45 #4031)
- data/reports/GO-2025-4032.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-6q7m-p8cc-998r #4032)
- data/reports/GO-2025-4035.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-r6qj-894f-5hr2 #4035)
- data/reports/GO-2025-4036.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-xr3w-rmvj-f6m7 #4036)
- data/reports/GO-2025-4045.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-cffj-7w5c-jqjh #4045)
- data/reports/GO-2025-4046.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-ffcc-qr2v-3qmv #4046)
- data/reports/GO-2025-4047.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-r93j-3mmp-px57 #4047)
- data/reports/GO-2025-4048.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-7vmw-6c7h-rrrv #4048)
- data/reports/GO-2025-4050.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-h8qw-xqm9-q66j #4050)
- data/reports/GO-2025-4051.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-qrf6-h5fc-7m96 #4051)
- data/reports/GO-2025-4053.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-2j9c-76pp-xc5q #4053)
- data/reports/GO-2025-4054.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-379p-37xc-q963 #4054)
- data/reports/GO-2025-4055.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-43m6-wvc8-2m7j #4055)
- data/reports/GO-2025-4056.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-9jrx-fgrm-96qh #4056)
- data/reports/GO-2025-4057.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-9w4v-9c99-hv7r #4057)
- data/reports/GO-2025-4058.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-h3qg-w9j5-wh3m #4058)
- data/reports/GO-2025-4059.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-j26g-95ph-2mwv #4059)
- data/reports/GO-2025-4060.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-mj8v-773w-5qhj #4060)
- data/reports/GO-2025-4061.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-q3g9-hgrx-hwhx #4061)
- data/reports/GO-2025-4062.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-5q37-9874-qxcw #4062)
- data/reports/GO-2025-4063.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-g3f3-p9rc-775p #4063)
- data/reports/GO-2025-4064.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-m78r-2x6w-qqjp #4064)
- data/reports/GO-2025-4065.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-rm24-25xm-9454 #4065)
- data/reports/GO-2025-4066.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-vw57-55f8-c73q #4066)
- data/reports/GO-2025-4075.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server: GHSA-hgrp-fgm8-56g8 #4075)
- data/reports/GO-2025-4122.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-mqcj-8c2g-h97q #4122)
- data/reports/GO-2025-4126.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost-server/v6: GHSA-j6gg-r5jc-47cm #4126)
- data/reports/GO-2025-4128.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-xpg8-8xpv-948p #4128)
- data/reports/GO-2025-4129.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-ff85-qw3h-g9vp #4129)
- data/reports/GO-2025-4130.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-mqp8-pgg5-7x7m #4130)
- data/reports/GO-2025-4131.yaml (x/vulndb: potential Go vuln in github.com/mattermost/mattermost/server/v8: GHSA-x3hx-ch7p-8xgg #4131)
See doc/quickstart.md for instructions on how to triage this report.
id: GO-ID-PENDING
modules:
- module: github.com/mattermost/mattermost-server
versions:
- introduced: 4.2.0-rc1+incompatible
- introduced: 4.3.0-rc1+incompatible
- fixed: 4.3.0+incompatible
non_go_versions:
- fixed: 4.1.2-0.20171004201910-6be8113eb60
- fixed: 4.2.1-0.20171004194140-6d3cb2ce07fc
vulnerable_at: 4.3.0-rc4+incompatible
summary: Mattermost Server is vulnerable to Directory Traversal by System Admins in github.com/mattermost/mattermost-server
cves:
- CVE-2017-18874
ghsas:
- GHSA-8qg8-c7mw-6fj7
references:
- advisory: https://github.com/advisories/GHSA-8qg8-c7mw-6fj7
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2017-18874
- fix: https://github.com/mattermost/mattermost/commit/6be8113eb60cf5ddd2dc1c3f4db05cae0c183086
- fix: https://github.com/mattermost/mattermost/commit/6d3cb2ce07fc799832081e93843b405b390057fa
- fix: https://github.com/mattermost/mattermost/commit/fadd9514f6e71590aba781a7035e1de4150137b0
- web: https://mattermost.com/security-updates
source:
id: GHSA-8qg8-c7mw-6fj7
created: 2025-11-20T22:01:45.534866931Z
review_status: UNREVIEWED