CVE-2022-1333

Source
https://cve.org/CVERecord?id=CVE-2022-1333
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1333.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-1333
Published
2022-04-13T17:06:01Z
Modified
2026-07-08T06:03:42.567000267Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
Summary
A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service
Details

Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "Playbooks"
                },
                {
                    "last_affected": "1.24"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1333.json",
    "cna_assigner": "Mattermost",
    "cwe_ids": [
        "CWE-770"
    ]
}
References

Affected packages

Git / github.com/mattermost/mattermost-plugin-playbooks

Affected ranges

Type
GIT
Repo
https://github.com/mattermost/mattermost-plugin-playbooks
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:mattermost:playbooks:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.24.0"
        }
    ]
}

Affected versions

client/v0.*
client/v0.1.0
client/v0.1.1
client/v0.2.0
client/v0.3.0
client/v0.4.0
client/v0.5.0
client/v0.6.0
client/v0.7.0
v0.*
v0.1.0
v0.2.0
v0.2.1
v0.2.2
v0.3.0
v0.3.1
v0.4.0
v0.4.0-alpha.1
v0.4.0-alpha.2
v0.4.0-alpha.3
v0.4.0-alpha.4
v0.4.0-alpha.5
v0.5.0
v0.5.0-alpha.1
v0.5.0-alpha.2
v0.5.0-alpha.3
v0.5.0-alpha.4
v0.5.0-alpha.5
v0.5.0-alpha.6
v0.6.0
v0.6.0-alpha.1
v0.6.0-alpha.2
v0.6.0-alpha.3
v0.7.0
v0.7.0-alpha.1
v0.7.0-alpha.2
v0.7.0-alpha.3
v0.7.0-alpha.4
v1.*
v1.0.0
v1.0.0-alpha.1
v1.0.0-alpha.2
v1.0.0-alpha.3
v1.1.0
v1.1.1
v1.10.0
v1.11.0
v1.12.0
v1.12.0-alpha.1
v1.13.0
v1.13.0-alpha.1
v1.13.0-alpha.2
v1.13.0-alpha.3
v1.13.0-alpha.4
v1.14.0
v1.14.0-alpha.1
v1.14.0-alpha.2
v1.15.0
v1.15.1-alpha.3
v1.16.0+alpha.1
v1.16.0+alpha.2
v1.16.0-rc1
v1.17.0
v1.18.0-alpha.1
v1.18.0-alpha.2
v1.18.0-alpha.3
v1.18.0-rc1
v1.19.0
v1.19.0-alpha.1
v1.2.0
v1.2.0-alpha.1
v1.2.0-alpha.2
v1.20.0
v1.20.0-alpha.1
v1.21.0-alpha.1
v1.21.0-alpha.2
v1.21.0-alpha.3
v1.22.0+alpha.1
v1.22.0+alpha.2
v1.22.0+alpha.3
v1.23.0+alpha.1
v1.23.0-alpha.1
v1.24.0
v1.24.0-rc2
v1.3.0
v1.3.1
v1.4.0
v1.5.0
v1.5.1
v1.6.0
v1.7.0
v1.8.0
v1.8.0-alpha.1
v1.9.0
v1.9.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1333.json"