CVE-2022-1333

EPSS 0.36%
Veröffentlicht 13.04.2022 18:15:09
Zuletzt bearbeitet 21.11.2024 06:40:30
Quelle responsibledisclosure@mattermo
Teams Watchlist Login
Unerledigt Login

Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mattermost ≫ Playbooks Version <= 1.24.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.574

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P
responsibledisclosure@mattermost.com	3.5	2.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://mattermost.com/security-updates/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-1333

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1333

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1333

EUVD