GHSA-c873-wfhp-wx5m:  SP1 has missing verifier checks and fiat-shamir observations

GHSA-7pq6-v88g-wf3w: Sentry's improper authentication on SAML SSO process allows user impersonation

GHSA-2c6g-pfx3-w7h8: Insecure Temporary File in RESTEasy

GHSA-5m7j-6gc4-ff5g: Mattermost fails to properly validate post props

GHSA-45v9-w9fh-33j6: Mattermost fails to properly validate post props

Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2025-20088

**Mattermost fails to properly validate post props**

Moderate severity GitHub Reviewed Published Jan 15, 2025 to the GitHub Advisory Database • Updated Jan 15, 2025

**Package**

gomod github.com/mattermost/mattermost/server/v8 (Go)

**Affected versions**

\>= 10.2.0, < 10.2.1

\>= 10.1.0, <= 10.1.3

\>= 10.0.0, <= 10.0.3

\>= 9.11.0, <= 9.11.5

< 8.0.0-20241127161322-25ff7a3779a5

**Patched versions**

10.2.1

10.1.4

10.0.4

9.11.6

8.0.0-20241127161322-25ff7a3779a5

Published to the GitHub Advisory Database

Jan 15, 2025

Last updated

Jan 15, 2025

Headline

GHSA-45v9-w9fh-33j6: Mattermost fails to properly validate post props

ghsa: Latest News