mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
112 lines
3.9 KiB
JSON
112 lines
3.9 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "responsibledisclosure@mattermost.com",
|
|
"ID": "CVE-2022-2366",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Incorrect defaults can cause attackers to bypass rate limitations "
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Mattermost",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "6.x",
|
|
"version_value": "6.3.8"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "6.5.x",
|
|
"version_value": "6.5.1"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "6.6.x",
|
|
"version_value": "6.6.1"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_name": "6.7.x",
|
|
"version_value": "6.7.0"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Mattermost"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"credit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Thanks to Adam Pritchard for contributing to this improvement under the Mattermost responsible disclosure policy."
|
|
}
|
|
],
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers."
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "LOW",
|
|
"baseScore": 5.6,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-276 Incorrect Default Permissions"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://mattermost.com/security-updates/",
|
|
"name": "https://mattermost.com/security-updates/"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"advisory": " MMSA-2022-00109",
|
|
"defect": [
|
|
"https://mattermost.atlassian.net/browse/MM-42379"
|
|
],
|
|
"discovery": "EXTERNAL"
|
|
}
|
|
} |