CVE-2022-2406

The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API.
Configurations

Configuration 1

OR cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:6.6.0:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:6.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost:6.7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:00

| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | v2 : 4.0, v3 : 6.5 | v2 : 4.0, v3 : 4.3 |
| References | https://mattermost.com/security-updates/ - Vendor Advisory | https://mattermost.com/security-updates/ - Vendor Advisory |

30 Jun 2023, 18:49

| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-400 | CWE-770 |

Information

Published : 2022-07-14 18:15

Updated : 2024-11-21 07:00


NVD link : CVE-2022-2406

Mitre link : CVE-2022-2406

CVE.ORG link : CVE-2022-2406



Products Affected

mattermost

  • mattermost
CWE
CWE-400

Uncontrolled Resource Consumption

CWE-770

Allocation of Resources Without Limits or Throttling