CVE-2022-2366

Published: Jul 12, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers.

Affected (4)

Products: Mattermost: Mattermost Server

Mattermost

1 product

Mattermost Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Mattermost Mattermost Server	Before 6.3.9
Mattermost Mattermost Server	From 6.4.0 to 6.5.2
Mattermost Mattermost Server	From 6.6.0 to 6.6.2
Mattermost Mattermost Server	Version 6.7.0

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://mattermost.com/security-updates/

Source: responsibledisclosure@mattermost.com

Vendor Advisory

https://mattermost.com/security-updates/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.