CVE-2022-2366

Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers.
References
Link Resource
https://mattermost.com/security-updates/ Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:mattermost:mattermost_server:6.7.0:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*

Information

Published : 2022-07-12 02:15

Updated : 2022-07-28 03:37


NVD link : CVE-2022-2366

Mitre link : CVE-2022-2366

Products Affected
No products.
CWE
CWE-276

Incorrect Default Permissions