CVE-2022-4019

A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://hackerone.com/reports/1685979	Third Party Advisory
https://mattermost.com/security-updates/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mattermost:mattermost:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:56

Type	Values Removed	Values Added
Summary	~~A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints.~~	A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints.

Information

Published : 2022-11-23 06:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-4019

Mitre link : CVE-2022-4019

CVE.ORG link : CVE-2022-4019

JSON object : View

Products Affected

mattermost

mattermost

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2022-4019", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-11-23T06:15:09.223", "references": [{"url": "https://hackerone.com/reports/1685979", "tags": ["Third Party Advisory"], "source": "responsibledisclosure@mattermost.com"}, {"url": "https://mattermost.com/security-updates/", "tags": ["Vendor Advisory"], "source": "responsibledisclosure@mattermost.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}, {"type": "Secondary", "source": "responsibledisclosure@mattermost.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints.\n"}, {"lang": "es", "value": "Una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en el complemento Mattermost Playbooks permite que un usuario autenticado bloquee el servidor a trav\u00e9s de m\u00faltiples solicitudes grandes a uno de los endpoints de la API de Playbooks."}], "lastModified": "2023-11-07T03:56:42.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE1073F4-FDE8-4875-951A-D87150D54A12"}], "operator": "OR"}]}], "sourceIdentifier": "responsibledisclosure@mattermost.com"}