Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers.
References
History

Fri, 06 Dec 2024 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Mattermost

Published: 2022-07-11T14:08:50

Updated: 2024-12-06T23:08:46.139Z

Reserved: 2022-07-11T00:00:00

Link: CVE-2022-2366

cve-icon Vulnrichment

Updated: 2024-08-03T00:32:09.696Z

cve-icon NVD

Status : Modified

Published: 2022-07-12T14:15:15.743

Modified: 2024-11-21T07:00:50.860

Link: CVE-2022-2366

cve-icon Redhat

No data.