6.5
CVE-2022-2406
- EPSS 0.75%
- Veröffentlicht 14.07.2022 18:15:08
- Zuletzt bearbeitet 21.11.2024 07:00:55
- Quelle responsibledisclosure@mattermo
- CVE-Watchlists
- Unerledigt
Malicious imports can lead to Denial of Service
The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mattermost ≫ Mattermost Version <= 6.3.8
Mattermost ≫ Mattermost Version >= 6.4.0 <= 6.5.1
Mattermost ≫ Mattermost Version6.6.0
Mattermost ≫ Mattermost Version6.6.1
Mattermost ≫ Mattermost Version6.7.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.75% | 0.502 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:N/A:P
|
| responsibledisclosure@mattermost.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://mattermost.com/security-updates/