Skip to content

Commit f2ca2ed

Browse files
1 parent d8dc88d commit f2ca2ed

2 files changed

Lines changed: 122 additions & 36 deletions

File tree

Lines changed: 122 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,122 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-jx93-pf6x-874r",
4+
"modified": "2026-06-01T15:00:04Z",
5+
"published": "2026-05-18T09:31:47Z",
6+
"aliases": [
7+
"CVE-2026-3495"
8+
],
9+
"summary": "Mattermost doesn't escape some variables that could contain malicious content during error page composition",
10+
"details": "Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those values.. Mattermost Advisory ID: MMSA-2026-00622",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Go",
21+
"name": "github.com/mattermost/mattermost/server/v8"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "10.11.0"
29+
},
30+
{
31+
"fixed": "10.11.14"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "Go",
40+
"name": "github.com/mattermost/mattermost/server/v8"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "11.5.0"
48+
},
49+
{
50+
"fixed": "11.5.2"
51+
}
52+
]
53+
}
54+
]
55+
},
56+
{
57+
"package": {
58+
"ecosystem": "Go",
59+
"name": "github.com/mattermost/mattermost/server/v8"
60+
},
61+
"ranges": [
62+
{
63+
"type": "ECOSYSTEM",
64+
"events": [
65+
{
66+
"introduced": "0"
67+
},
68+
{
69+
"fixed": "8.0.0-20260310115442-5a1ea95044d"
70+
}
71+
]
72+
}
73+
]
74+
},
75+
{
76+
"package": {
77+
"ecosystem": "Go",
78+
"name": "github.com/mattermost/mattermost-server"
79+
},
80+
"ranges": [
81+
{
82+
"type": "ECOSYSTEM",
83+
"events": [
84+
{
85+
"introduced": "0"
86+
},
87+
{
88+
"fixed": "5.3.2-0.20260310115442-5a1ea95044dc"
89+
}
90+
]
91+
}
92+
]
93+
}
94+
],
95+
"references": [
96+
{
97+
"type": "ADVISORY",
98+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3495"
99+
},
100+
{
101+
"type": "WEB",
102+
"url": "https://github.com/mattermost/mattermost/commit/5a1ea95044dc2d1ca601bfe9a4c1bc17990f3872"
103+
},
104+
{
105+
"type": "PACKAGE",
106+
"url": "https://github.com/mattermost/mattermost"
107+
},
108+
{
109+
"type": "WEB",
110+
"url": "https://mattermost.com/security-updates"
111+
}
112+
],
113+
"database_specific": {
114+
"cwe_ids": [
115+
"CWE-79"
116+
],
117+
"severity": "LOW",
118+
"github_reviewed": true,
119+
"github_reviewed_at": "2026-06-01T15:00:03Z",
120+
"nvd_published_at": "2026-05-18T08:16:13Z"
121+
}
122+
}

advisories/unreviewed/2026/05/GHSA-jx93-pf6x-874r/GHSA-jx93-pf6x-874r.json

Lines changed: 0 additions & 36 deletions
This file was deleted.

0 commit comments

Comments
 (0)