CVE-2022-2366

Source
https://cve.org/CVERecord?id=CVE-2022-2366
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2366.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-2366
Aliases
Published
2022-07-12T14:15:15.743Z
Modified
2026-04-10T04:44:56.290094Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers.

References

Affected packages

Git / github.com/mattermost/mattermost-server

Affected ranges

Type
GIT
Repo
https://github.com/mattermost/mattermost-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Introduced
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.3.9"
        },
        {
            "introduced": "6.4.0"
        },
        {
            "fixed": "6.5.2"
        },
        {
            "introduced": "6.6.0"
        },
        {
            "fixed": "6.6.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.7.0"
        }
    ]
}

Affected versions

Other
cloud-2020-11-24
cloud-2020-12-08
cloud-2020-12-18
cloud-2021-01-12
cloud-2021-01-26
cloud-2021-02-10
cloud-2021-02-24
cloud-2021-02-25-1
cloud-2021-03-12-1
cloud-2021-03-23-1
cloud-2021-04-22-1
cloud-2021-05-05-1
cloud-2021-05-21-1
cloud-2021-06-02-1
cloud-2021-06-16-1
cloud-2021-07-01-1
cloud-2021-07-15-1
cloud-2021-07-29-1
cloud-2021-08-12-1
cloud-2021-09-29-1
cloud-2021-10-12-1
cloud-2021-10-27-1
cloud-2021-11-09-1
cloud-2021-11-11-1
cloud-2021-11-23-1
cloud-2021-11-25-1
cloud-2021-11-30-1
cloud-2021-12-08-1
cloud-2022-03-02-1
cloud-2022-04-28-1
v0.*
v0.5.0
v4.*
v4.10.0-rc1
v4.2.0-rc1
v4.3.0-rc1
v4.4.0-rc1
v4.5.0-rc1
v4.6.0-rc1
v4.6.0-rc2
v4.7.0-rc1
v4.8.0-rc1
v4.9.0-rc1
v5.*
v5.0.0-rc1
v5.1.0-rc1
v5.2.0-rc1
v5.2.0-rc2
v6.*
v6.3.0
v6.3.1
v6.3.2
v6.3.3
v6.3.4
v6.3.5
v6.3.6
v6.3.7
v6.3.8
v6.5.0
v6.5.1
v6.6.0
v6.6.1
v6.7.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2366.json"