Publish Advisories

GHSA-wjc4-73q6-gv3m
GHSA-x3r8-2hmh-89f5

Author: advisory-database[bot]

advisories/github-reviewed/2024/01/GHSA-wjc4-73q6-gv3m/GHSA-wjc4-73q6-gv3m.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wjc4-73q6-gv3m",
-  "modified": "2024-01-03T19:38:54Z",
+  "modified": "2025-12-26T15:16:48Z",
   "published": "2024-01-03T06:30:27Z",
   "aliases": [
     "CVE-2023-46308"
@@ -59,6 +59,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46308"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/plotly/plotly.R/issues/2463"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/plotly/plotly.js/commit/02498404c8ad7a3395191e65694fb142a37b0fe9"

advisories/github-reviewed/2025/12/GHSA-x3r8-2hmh-89f5/GHSA-x3r8-2hmh-89f5.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x3r8-2hmh-89f5",
-  "modified": "2025-12-20T17:27:10Z",
+  "modified": "2025-12-26T15:17:57Z",
   "published": "2025-12-17T21:30:48Z",
   "aliases": [
     "CVE-2025-13324"
   ],
   "summary": "Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation",
-  "details": "Mattermost versions 10.11.x < 10.11.5, 11.0.x < 11.0.4, 10.12.x < 10.12.2 fail to invalidate invite tokens after use which allows malicious actors who have intercepted invite tokens to manipulate channel memberships including adding or removing users from private channels via token replay attack.",
+  "details": "Mattermost versions 10.11.x < 10.11.5, 11.0.x < 11.0.4, 10.12.x < 10.12.2 fail to invalidate remote cluster invite tokens when using the legacy (version 1) protocol or when the confirming party does not provide a refreshed token, which allows an attacker who has obtained an invite token to authenticate as the remote cluster and perform limited actions on shared channels even after the invitation has been legitimately confirmed.",
   "severity": [
     {
       "type": "CVSS_V3",