First published: Wed Nov 23 2022
A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints.
Credit: responsibledisclosure@mattermost.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mattermost Mattermost | | Update Mattermost to version v7.1.4, 7.2.1, 7.3.1, 7.4.0 or higher. |
The vulnerability ID for this Mattermost Playbooks plugin vulnerability is CVE-2022-4019.
The severity of the CVE-2022-4019 vulnerability is medium, with a CVSS score of 6.5.
The vulnerability allows an authenticated user to crash the server through multiple large requests to one of the Playbooks API endpoints.
The Mattermost Mattermost software is affected by the CVE-2022-4019 vulnerability.
You can find more information about the CVE-2022-4019 vulnerability at the following references: [HackerOne Report](https://hackerone.com/reports/1685979) and [Mattermost Security Updates](https://mattermost.com/security-updates/).