CVE-2022-2366

Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:6.7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:00

Type Values Removed Values Added
References () https://mattermost.com/security-updates/ - Vendor Advisory () https://mattermost.com/security-updates/ - Vendor Advisory
CVSS v2 : 5.0
v3 : 5.3
v2 : 5.0
v3 : 5.6

Information

Published : 2022-07-12 14:15

Updated : 2024-11-21 07:00


NVD link : CVE-2022-2366

Mitre link : CVE-2022-2366

CVE.ORG link : CVE-2022-2366


JSON object : View

Products Affected

mattermost

  • mattermost_server
CWE
CWE-276

Incorrect Default Permissions