| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/mattermost/mattermost-server/v6 | go | < 7.8.12 | 7.8.12 |
| github.com/mattermost/mattermost/server/v8 | go | >= 8.0.0, < 8.0.4 | 8.0.4 |
| github.com/mattermost/mattermost/server/v8 | go | >= 8.1.0, < 8.1.3 | 8.1.3 |
| github.com/mattermost/mattermost/server/v8 | go | = 9.0.0 | 9.0.1 |
The commit diff shows that the vulnerability was fixed by adding a newUser.Sanitize() call in UpdateUser (user.go), indicating that this function previously returned unsanitized user data. The accompanying test updates in user_test.go assert that the password field is empty, confirming the exposure vector. The PatchUser test modifications further validate the scope of the fix. CWE-200 aligns with the exposure of unsanitized sensitive data in the response.