Search criteria
4 vulnerabilities found for Mattermost Playbooks by Mattermost
CVE-2022-1548 (GCVE-0-2022-1548)
Vulnerability from nvd – Published: 2022-05-03 20:11 – Updated: 2024-12-06 23:09
VLAI
Title
Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins.
Summary
Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins.
Severity
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://mattermost.com/security-updates/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost Playbooks |
Affected:
Playbooks , ≤ 1.25
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:02.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mattermost.com/security-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T22:52:55.844166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T23:09:11.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Mattermost Playbooks",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "1.25",
"status": "affected",
"version": "Playbooks",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-03T20:11:21.000Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mattermost.com/security-updates/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost Playbooks Plugin to version v1.26.0 or higher."
}
],
"source": {
"advisory": "MMSA-2022-0096",
"defect": [
"https://mattermost.atlassian.net/browse/MM-41939"
],
"discovery": "INTERNAL"
},
"title": "Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "responsibledisclosure@mattermost.com",
"ID": "CVE-2022-1548",
"STATE": "PUBLIC",
"TITLE": "Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mattermost Playbooks",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Playbooks",
"version_value": "1.25"
}
]
}
}
]
},
"vendor_name": "Mattermost"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mattermost.com/security-updates/",
"refsource": "MISC",
"url": "https://mattermost.com/security-updates/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Mattermost Playbooks Plugin to version v1.26.0 or higher."
}
],
"source": {
"advisory": "MMSA-2022-0096",
"defect": [
"https://mattermost.atlassian.net/browse/MM-41939"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2022-1548",
"datePublished": "2022-05-03T20:11:21.000Z",
"dateReserved": "2022-05-02T00:00:00.000Z",
"dateUpdated": "2024-12-06T23:09:11.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1333 (GCVE-0-2022-1333)
Vulnerability from nvd – Published: 2022-04-13 17:06 – Updated: 2024-12-06 23:09
VLAI
Title
A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service
Summary
Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service.
Severity
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://mattermost.com/security-updates/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost Playbooks |
Affected:
Playbooks , ≤ 1.24
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mattermost.com/security-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T22:53:07.151142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T23:09:55.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Mattermost Playbooks",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "Playbooks",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T17:06:01.000Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mattermost.com/security-updates/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost Playbooks Plugin to version v1.25.0 or higher."
}
],
"source": {
"advisory": "MMSA-2022-0093",
"defect": [
"https://mattermost.atlassian.net/browse/MM-41918"
],
"discovery": "INTERNAL"
},
"title": "A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "responsibledisclosure@mattermost.com",
"ID": "CVE-2022-1333",
"STATE": "PUBLIC",
"TITLE": "A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mattermost Playbooks",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Playbooks",
"version_value": "1.24"
}
]
}
}
]
},
"vendor_name": "Mattermost"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mattermost.com/security-updates/",
"refsource": "MISC",
"url": "https://mattermost.com/security-updates/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Mattermost Playbooks Plugin to version v1.25.0 or higher."
}
],
"source": {
"advisory": "MMSA-2022-0093",
"defect": [
"https://mattermost.atlassian.net/browse/MM-41918"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2022-1333",
"datePublished": "2022-04-13T17:06:01.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-12-06T23:09:55.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1548 (GCVE-0-2022-1548)
Vulnerability from cvelistv5 – Published: 2022-05-03 20:11 – Updated: 2024-12-06 23:09
VLAI
Title
Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins.
Summary
Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins.
Severity
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://mattermost.com/security-updates/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost Playbooks |
Affected:
Playbooks , ≤ 1.25
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:02.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mattermost.com/security-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T22:52:55.844166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T23:09:11.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Mattermost Playbooks",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "1.25",
"status": "affected",
"version": "Playbooks",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-03T20:11:21.000Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mattermost.com/security-updates/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost Playbooks Plugin to version v1.26.0 or higher."
}
],
"source": {
"advisory": "MMSA-2022-0096",
"defect": [
"https://mattermost.atlassian.net/browse/MM-41939"
],
"discovery": "INTERNAL"
},
"title": "Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "responsibledisclosure@mattermost.com",
"ID": "CVE-2022-1548",
"STATE": "PUBLIC",
"TITLE": "Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mattermost Playbooks",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Playbooks",
"version_value": "1.25"
}
]
}
}
]
},
"vendor_name": "Mattermost"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mattermost.com/security-updates/",
"refsource": "MISC",
"url": "https://mattermost.com/security-updates/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Mattermost Playbooks Plugin to version v1.26.0 or higher."
}
],
"source": {
"advisory": "MMSA-2022-0096",
"defect": [
"https://mattermost.atlassian.net/browse/MM-41939"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2022-1548",
"datePublished": "2022-05-03T20:11:21.000Z",
"dateReserved": "2022-05-02T00:00:00.000Z",
"dateUpdated": "2024-12-06T23:09:11.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1333 (GCVE-0-2022-1333)
Vulnerability from cvelistv5 – Published: 2022-04-13 17:06 – Updated: 2024-12-06 23:09
VLAI
Title
A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service
Summary
Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service.
Severity
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://mattermost.com/security-updates/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost Playbooks |
Affected:
Playbooks , ≤ 1.24
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mattermost.com/security-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T22:53:07.151142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T23:09:55.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Mattermost Playbooks",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "Playbooks",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T17:06:01.000Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mattermost.com/security-updates/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost Playbooks Plugin to version v1.25.0 or higher."
}
],
"source": {
"advisory": "MMSA-2022-0093",
"defect": [
"https://mattermost.atlassian.net/browse/MM-41918"
],
"discovery": "INTERNAL"
},
"title": "A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "responsibledisclosure@mattermost.com",
"ID": "CVE-2022-1333",
"STATE": "PUBLIC",
"TITLE": "A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mattermost Playbooks",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Playbooks",
"version_value": "1.24"
}
]
}
}
]
},
"vendor_name": "Mattermost"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mattermost.com/security-updates/",
"refsource": "MISC",
"url": "https://mattermost.com/security-updates/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Mattermost Playbooks Plugin to version v1.25.0 or higher."
}
],
"source": {
"advisory": "MMSA-2022-0093",
"defect": [
"https://mattermost.atlassian.net/browse/MM-41918"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2022-1333",
"datePublished": "2022-04-13T17:06:01.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2024-12-06T23:09:55.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}