CVE-2022-2406

The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API.
References
Link | Resource
https://mattermost.com/security-updates/ | Vendor Advisory
Configurations

Configuration 1

OR cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:6.6.0:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:6.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:6.7.0:*:*:*:*:*:*:*

History

30 Jun 2023, 18:49

Type | Values Removed | Values Added
CWE | CWE-400 | CWE-770

Information

Published : 2022-07-14 18:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-2406

Mitre link : CVE-2022-2406

CVE.ORG link : CVE-2022-2406


Products Affected

mattermost

  • mattermost
CWE
CWE-770

Allocation of Resources Without Limits or Throttling

CWE-400

Uncontrolled Resource Consumption