Basic Information
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/mattermost/mattermost/server/v8 | go | < 8.0.0-20250102081831-64c566a8280b | 8.0.0-20250102081831-64c566a8280b |
| github.com/mattermost/mattermost/server/v8 | go | >= 9.11.0, < 9.11.6 | 9.11.6 |
The vulnerability stems from missing authorization checks when the 'allow_open_invite' team setting is modified. The functions that process team updates (for example, UpdateTeam in app/team.go and its API handler in api4/team.go) are the most likely locations. These functions would normally enforce permissions for team modifications, but the vulnerability suggests they did not validate invite-specific privileges before allowing the 'allow_open_invite' field to change. Confidence in this analysis is medium: it relies on typical Mattermost architecture patterns, as no explicit code or diff was provided.