An incorrect default configuration for the trusted IP header in Mattermost version 6.7.0 and earlier allows an attacker to bypass some of the rate limitations in place, or to use manipulated IPs for audit logging, by manipulating the request headers.
References
Link | Providers |
---|---|
https://mattermost.com/security-updates/ |
MITRE
Status: PUBLISHED
Assigner: Mattermost
Published: 2022-07-11T14:08:50
Updated: 2024-08-03T00:32:09.696Z
Reserved: 2022-07-11T00:00:00
Link: CVE-2022-2366
NVD
Status: Analyzed
Published: 2022-07-12T14:15:15.743
Modified: 2022-07-28T15:37:26.400
Link: CVE-2022-2366