Incorrect default configuration for the trusted IP header in Mattermost version 6.7.0 and earlier allows an attacker to bypass some of the rate limitations in place, or to have manipulated IPs used for audit logging, by manipulating the request headers.
References
| Link | Resource |
|---|---|
| https://mattermost.com/security-updates/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mattermost
Published: 2022-07-11T14:08:50
Updated: 2022-07-11T14:08:50
Reserved: 2022-07-11T00:00:00
Link: CVE-2022-2366
NVD Information
Status: Analyzed
Published: 2022-07-12T14:15:15.743
Modified: 2022-07-28T15:37:26.400
Link: CVE-2022-2366
Redhat Information
No data.
CWE