-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/mattermost/mattermost/server/v8 | go | >= 10.5.0, < 10.5.2 | 10.5.2 |
| github.com/mattermost/mattermost/server/v8 | go | >= 9.11.0, < 9.11.10 | 9.11.10 |
| github.com/mattermost/mattermost/server/v8 | go | < 8.0.0-20250213231113-68c11e9ecb71 | 8.0.0-20250213231113-68c11e9ecb71 |
GoGoMiggo AIRoot Cause AnalysisThe vulnerability allowed obtaining metadata of deleted files via bookmark creation due to insufficient checks. The core of the flaw resided in the ErrorIfBookmarkFileInfoAlreadyAttached method within SqlChannelBookmarkStore, which, before the patch, did not verify if a file was deleted (DeleteAt != 0) or if it belonged to the correct channel. The patch rectified this by adding these checks and modifying the function signature to include channelId.
The application-level functions (*App).CreateChannelBookmark (which calls (*SqlChannelBookmarkStore).Save) and (*App).UpdateChannelBookmark served as entry points for this vulnerability. They relied on the flawed store-level validation. (*SqlChannelBookmarkStore).Save itself is also listed as it's a direct caller of the vulnerable check during the creation process.
The identified functions are those that either contained the flawed logic or were direct upstream callers that would be involved in an exploit flow by processing user input (e.g., a file ID for a bookmark) that would then pass through the insufficient validation.
Ongoing coverage of React2Shell