Basic Information
CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/mattermost/mattermost-server | go | >= 9.6.0-rc1, <= 9.6.0 | 9.6.1 |
| github.com/mattermost/mattermost-server | go | >= 9.5.0, <= 9.5.2 | 9.5.3 |
| github.com/mattermost/mattermost-server | go | >= 9.4.0, <= 9.4.4 | 9.4.5 |
| github.com/mattermost/mattermost-server | go | >= 8.1.0, <= 8.1.11 | 8.1.12 |
The vulnerability stems from missing session limit enforcement and rate limiting. The patch adds (1) a maxSessionsLimit constant, (2) session revocation logic in limitNumberOfSessions, and (3) rate limiting for the /sessions endpoint. The vulnerable functions are those responsible for session creation (CreateSession, newSession) and session retrieval (GetSessions), which lacked these protections. The commit diffs show these functions were modified to add limit checks, confirming their role in the vulnerability.
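The per-user session cap described above, as an added example written for this page rather than Mattermost's own code: a hypothetical in-memory SessionStore whose CreateSession calls a limitNumberOfSessions helper that revokes the oldest sessions beyond an assumed MaxSessionsPerUser constant (the rate limit on /sessions is not modelled here).

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Session is a minimal stand-in for a server-side session record.
type Session struct {
	ID       string
	CreateAt time.Time
}

// MaxSessionsPerUser is an assumed cap, playing the role of the patch's maxSessionsLimit.
const MaxSessionsPerUser = 3

// SessionStore is a hypothetical in-memory store keyed by user ID.
type SessionStore struct{ byUser map[string][]Session }

func NewSessionStore() *SessionStore { return &SessionStore{byUser: map[string][]Session{}} }

// CreateSession records the new session, then enforces the per-user cap; it returns the IDs revoked.
func (s *SessionStore) CreateSession(userID, id string, now time.Time) []string {
	s.byUser[userID] = append(s.byUser[userID], Session{ID: id, CreateAt: now})
	return s.limitNumberOfSessions(userID)
}

// limitNumberOfSessions revokes the oldest sessions until the user is within the cap.
func (s *SessionStore) limitNumberOfSessions(userID string) []string {
	sessions := s.byUser[userID]
	if len(sessions) <= MaxSessionsPerUser {
		return nil
	}
	sort.Slice(sessions, func(i, j int) bool { return sessions[i].CreateAt.Before(sessions[j].CreateAt) })
	excess := len(sessions) - MaxSessionsPerUser
	revoked := make([]string, 0, excess)
	for _, sess := range sessions[:excess] {
		revoked = append(revoked, sess.ID) // a real server would also invalidate the token
	}
	s.byUser[userID] = sessions[excess:]
	return revoked
}

// Count reports how many live sessions a user currently holds.
func (s *SessionStore) Count(userID string) int { return len(s.byUser[userID]) }

func main() {
	store := NewSessionStore()
	for i := 1; i <= 5; i++ { // five logins in a row (constructed input)
		fmt.Println(store.CreateSession("alice", fmt.Sprintf("s%d", i), time.Unix(int64(i), 0)))
	}
}
```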