—

GO-2026-5092

Mattermost allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON configuration in github.com/mattermost/mattermost-server

상세

Mattermost allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON configuration in github.com/mattermost/mattermost-server

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Go / github.com/mattermost/mattermost-server

최초 영향 버전: 10.11.0-rc1+incompatible 수정 버전: 10.11.12+incompatible

수정 go get github.com/mattermost/mattermost-server@v10.11.12+incompatible

Go / github.com/mattermost/mattermost-server/v5

최초 영향 버전: 0

No fixed version published yet for github.com/mattermost/mattermost-server/v5 (go modules). Pin to a known-safe version or switch to an alternative.

Go / github.com/mattermost/mattermost-server/v6

최초 영향 버전: 0

No fixed version published yet for github.com/mattermost/mattermost-server/v6 (go modules). Pin to a known-safe version or switch to an alternative.

Go / github.com/mattermost/mattermost/server/v8

최초 영향 버전: 8.0.0-20260105080200-d27a2195068d 수정 버전: 8.0.0-20260217110922-b7d4a1f1f59b

수정 go get github.com/mattermost/mattermost/server/v8@v8.0.0-20260217110922-b7d4a1f1f59b

참고

https://github.com/advisories/GHSA-3mw5-466q-295q [ADVISORY]
https://nvd.nist.gov/vuln/detail/CVE-2026-3112 [ADVISORY]
https://mattermost.com/security-updates [WEB]