CVE-2022-2366

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-2366

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2366.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-2366

Aliases

BIT-mattermost-2022-2366

Published

2022-07-12T14:15:15.743Z

Modified

2026-02-05T07:57:01.089216Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers.

References

https://mattermost.com/security-updates/

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type: GIT
Repo: https://github.com/mattermost/mattermost-server
Events: Introduced

e05e0f9379e1324618601e3ba6111d78710e6319

Fixed

2b253fcd159c2d931553418b0051866452f1d2ac

Introduced

86a797bc64e7448dbfaa670ed6b8fd7b437e97c3

Fixed

6aae704dd1d98773d9269faa3df84a05d3b18b29

Fixed

f2f46f8da34f483288604f26ae395d7da8ebea2e

Affected versions

v6.*

v6.6.0

v6.6.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2366.json"