CVE-2022-2366

EPSS 0.19%
Published 12.07.2022 14:15:15
Last modified 21.11.2024 07:00:50
Source responsibledisclosure@mattermo
Teams watchlist Login
Open Login

Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Mattermost ≫ Mattermost Server Version < 6.3.9

Mattermost ≫ Mattermost Server Version >= 6.4.0 < 6.5.2

Mattermost ≫ Mattermost Server Version >= 6.6.0 < 6.6.2

Mattermost ≫ Mattermost Server Version6.7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.407

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
responsibledisclosure@mattermost.com	5.6	2.2	3.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://mattermost.com/security-updates/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-2366

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-2366

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-2366

EUVD