Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://mattermost.com/security-updates/ |
History
Fri, 06 Dec 2024 23:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2022-07-11T14:08:50
Updated: 2024-12-06T23:08:46.139Z
Reserved: 2022-07-11T00:00:00
Link: CVE-2022-2366
Vulnrichment
Updated: 2024-08-03T00:32:09.696Z
NVD
Status : Modified
Published: 2022-07-12T14:15:15.743
Modified: 2024-11-21T07:00:50.860
Link: CVE-2022-2366
Redhat
No data.