Adding detection events for mattermost-10.3 (#11297)

* Adding Advisory GHSA-45v9-w9fh-33j6 for mattermost-10.3 * Adding Advisory GHSA-5m7j-6gc4-ff5g for mattermost-10.3 * Adding Advisory GHSA-8j3q-gc9x-7972 for mattermost-10.3 --------- Co-authored-by: octo-sts[bot] <[email protected]>
wolfi-dev · Jan 17, 2025 · 60cd0bc · 60cd0bc
1 parent 511b166
commit 60cd0bc
Showing 1 changed file with 54 additions and 0 deletions.
diff --git a/mattermost-10.3.advisories.yaml b/mattermost-10.3.advisories.yaml
@@ -162,6 +162,24 @@ advisories:
         data:
           note: The issue regarding disintegration/imaging v1.6.2 where the index of the scan function in scanner.go can go out of bounds has an open PR https://github.com/disintegration/imaging/issues/165 but no implemented fix yet
 
+  - id: CGA-62fp-7764-7xgv
+    aliases:
+      - CVE-2025-20088
+      - GHSA-45v9-w9fh-33j6
+    events:
+      - timestamp: 2025-01-17T08:22:20Z
+        type: detection
+        data:
+          type: scan/v1
+          data:
+            subpackageName: mattermost-10.3
+            componentID: d102f49eb6cc2d1a
+            componentName: github.com/mattermost/mattermost/server/v8
+            componentVersion: v3.46.0
+            componentType: go-module
+            componentLocation: /usr/bin/mattermost
+            scanner: grype
+
   - id: CGA-6gj8-2fvm-r6g9
     aliases:
       - CVE-2023-7113
@@ -857,6 +875,24 @@ advisories:
           type: vulnerable-code-version-not-used
           note: 'This vulnerability was remediated in mattermost v7.x, Specifically, in versions 7.1.4, 7.2.1, 7.3.1, and 7.4.0. For more information, please refer to https://mattermost.com/security-updates/ and search for the ID MMSA-2022-00118 in the server tab. '
 
+  - id: CGA-qw58-2v6m-m6cm
+    aliases:
+      - CVE-2025-20086
+      - GHSA-5m7j-6gc4-ff5g
+    events:
+      - timestamp: 2025-01-17T08:22:39Z
+        type: detection
+        data:
+          type: scan/v1
+          data:
+            subpackageName: mattermost-10.3
+            componentID: d102f49eb6cc2d1a
+            componentName: github.com/mattermost/mattermost/server/v8
+            componentVersion: v3.46.0
+            componentType: go-module
+            componentLocation: /usr/bin/mattermost
+            scanner: grype
+
   - id: CGA-r72w-vv9m-6p9f
     aliases:
       - CVE-2025-22445
@@ -992,6 +1028,24 @@ advisories:
             A bug has been filed upstream against Syft, and the maintainers have confirmed it's a scanner issue.
             See: https://github.com/anchore/syft/issues/2980.
 
+  - id: CGA-w5wq-9vmg-3868
+    aliases:
+      - CVE-2025-21088
+      - GHSA-8j3q-gc9x-7972
+    events:
+      - timestamp: 2025-01-17T08:22:59Z
+        type: detection
+        data:
+          type: scan/v1
+          data:
+            subpackageName: mattermost-10.3
+            componentID: d102f49eb6cc2d1a
+            componentName: github.com/mattermost/mattermost/server/v8
+            componentVersion: v3.46.0
+            componentType: go-module
+            componentLocation: /usr/bin/mattermost
+            scanner: grype
+
   - id: CGA-xf9f-9r6m-r6v4
     aliases:
       - CVE-2024-23488