CVE-2022-4045 — Allocation of Resources Without Limits or Throttling in Mattermost

CWE-770 — Allocation of Resources Without Limits or Throttling6 documents6 sources

Severity

6.5MEDIUMNVD

CNA3.1

EPSS

0.5%

top 36.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mattermost Github.com Mattermost Mattermost-server

Timeline

PublishedNov 23

Description

A denial-of-service vulnerability in the Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶Gogithub.com/mattermost_mattermost-server7.2.0 — 7.2.1+2

▶CVEListV5mattermost/mattermost< 7.3.*

🔴Vulnerability Details

OSV

Denial of service in Mattermost↗2022-11-23

▶

GHSA

Denial of service in Mattermost↗2022-11-23

▶

CVEList

Authenticated user could send multiple requests containing a parameter which could fetch a large amount of data and can crash a Mattermost server↗2022-11-23

▶

💥Exploits & PoCs

Exploit-DB

TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)↗2022-09-23

▶