An incorrect default configuration for the trusted IP header in Mattermost version 6.7.0 and earlier allows an attacker to bypass some of the rate limitations in place, or to use manipulated IPs for audit logging, by manipulating the request headers.
References
Link | Resource |
---|---|
https://mattermost.com/security-updates/ | Vendor Advisory |
History
21 Nov 2024, 07:00
Type | Values Removed | Values Added |
---|---|---|
References | https://mattermost.com/security-updates/ - Vendor Advisory | |
CVSS | v2 : v3 : | v2 : 5.0, v3 : 5.6 |
Information
Published : 2022-07-12 14:15
Updated : 2024-11-21 07:00
NVD link : CVE-2022-2366
Mitre link : CVE-2022-2366
CVE.ORG link : CVE-2022-2366
Products Affected
mattermost
- mattermost_server
CWE
CWE-276
Incorrect Default Permissions