Stateward All advisories →
medium
CVE-2025-13767
Go · github.com/mattermost/mattermost-server • Go · github.com/mattermost/mattermost-server/v5 • Go · github.com/mattermost/mattermost-server/v6 • Go · github.com/mattermost/mattermost/server/v8
Summary Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues in github.com/mattermost/mattermost-server
Severity medium EPSS 0.2% (p6) Also known as GHSA-fmqf-pmcm-8cx9, GHSA-fmqf-pmcm-8cx9#github.com/mattermost/mattermost-server, GHSA-fmqf-pmcm-8cx9#github.com/mattermost/mattermost/server/v8, GO-2025-4259, GO-2025-4259#github.com/mattermost/mattermost-server, GO-2025-4259#github.com/mattermost/mattermost-server/v5, GO-2025-4259#github.com/mattermost/mattermost-server/v6, GO-2025-4259#github.com/mattermost/mattermost/server/v8 Published 2026-02-26 Related advisories CVE-2026-6346 — high · Go/github.com/mattermost/mattermost-serverCVE-2026-6347 — high · Go/github.com/mattermost/mattermost-serverCVE-2026-6339 — medium · Go/github.com/mattermost/mattermost-serverCVE-2026-5163 — medium · Go/github.com/mattermost/mattermost-serverCVE-2026-28732 — medium · Go/github.com/mattermost/mattermost-serverCVE-2026-6345 — medium · Go/github.com/mattermost/mattermost-serverCVE-2026-6340 — medium · Go/github.com/mattermost/mattermost-serverCVE-2026-3637 — medium · Go/github.com/mattermost/mattermost-serverIs your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.
Check my repo