Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for playbooks by mattermost

    CVE-2022-1548 (GCVE-0-2022-1548)

    Vulnerability from nvd – Published: 2022-05-03 20:11 – Updated: 2024-12-06 23:09
    VLAI
    Title
    Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins.
    Summary
    Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-264 - Permissions, Privileges, and Access Controls
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates/ x_refsource_MISC
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Playbooks Affected: Playbooks , ≤ 1.25 (custom)
    Create a notification for this product.
    Credits
    Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:02.917Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mattermost.com/security-updates/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1548",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-06T22:52:55.844166Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-06T23:09:11.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mattermost Playbooks",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "1.25",
                  "status": "affected",
                  "version": "Playbooks",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, and Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-03T20:11:21.000Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mattermost.com/security-updates/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost Playbooks Plugin to version v1.26.0 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2022-0096",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-41939"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "responsibledisclosure@mattermost.com",
              "ID": "CVE-2022-1548",
              "STATE": "PUBLIC",
              "TITLE": "Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mattermost Playbooks",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "Playbooks",
                                "version_value": "1.25"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mattermost"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-264 Permissions, Privileges, and Access Controls"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mattermost.com/security-updates/",
                  "refsource": "MISC",
                  "url": "https://mattermost.com/security-updates/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update Mattermost Playbooks Plugin to version v1.26.0 or higher."
              }
            ],
            "source": {
              "advisory": "MMSA-2022-0096",
              "defect": [
                "https://mattermost.atlassian.net/browse/MM-41939"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2022-1548",
        "datePublished": "2022-05-03T20:11:21.000Z",
        "dateReserved": "2022-05-02T00:00:00.000Z",
        "dateUpdated": "2024-12-06T23:09:11.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1333 (GCVE-0-2022-1333)

    Vulnerability from nvd – Published: 2022-04-13 17:06 – Updated: 2024-12-06 23:09
    VLAI
    Title
    A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service
    Summary
    Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates/ x_refsource_MISC
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Playbooks Affected: Playbooks , ≤ 1.24 (custom)
    Create a notification for this product.
    Credits
    Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.170Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mattermost.com/security-updates/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1333",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-06T22:53:07.151142Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-06T23:09:55.390Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mattermost Playbooks",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "1.24",
                  "status": "affected",
                  "version": "Playbooks",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-13T17:06:01.000Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mattermost.com/security-updates/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost Playbooks Plugin to version v1.25.0 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2022-0093",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-41918"
            ],
            "discovery": "INTERNAL"
          },
          "title": "A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "responsibledisclosure@mattermost.com",
              "ID": "CVE-2022-1333",
              "STATE": "PUBLIC",
              "TITLE": "A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mattermost Playbooks",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "Playbooks",
                                "version_value": "1.24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mattermost"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-770 Allocation of Resources Without Limits or Throttling"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mattermost.com/security-updates/",
                  "refsource": "MISC",
                  "url": "https://mattermost.com/security-updates/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update Mattermost Playbooks Plugin to version v1.25.0 or higher."
              }
            ],
            "source": {
              "advisory": "MMSA-2022-0093",
              "defect": [
                "https://mattermost.atlassian.net/browse/MM-41918"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2022-1333",
        "datePublished": "2022-04-13T17:06:01.000Z",
        "dateReserved": "2022-04-13T00:00:00.000Z",
        "dateUpdated": "2024-12-06T23:09:55.390Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1548 (GCVE-0-2022-1548)

    Vulnerability from cvelistv5 – Published: 2022-05-03 20:11 – Updated: 2024-12-06 23:09
    VLAI
    Title
    Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins.
    Summary
    Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-264 - Permissions, Privileges, and Access Controls
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates/ x_refsource_MISC
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Playbooks Affected: Playbooks , ≤ 1.25 (custom)
    Create a notification for this product.
    Credits
    Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:10:02.917Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mattermost.com/security-updates/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1548",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-06T22:52:55.844166Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-06T23:09:11.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mattermost Playbooks",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "1.25",
                  "status": "affected",
                  "version": "Playbooks",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, and Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-03T20:11:21.000Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mattermost.com/security-updates/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost Playbooks Plugin to version v1.26.0 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2022-0096",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-41939"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins.",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "responsibledisclosure@mattermost.com",
              "ID": "CVE-2022-1548",
              "STATE": "PUBLIC",
              "TITLE": "Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mattermost Playbooks",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "Playbooks",
                                "version_value": "1.25"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mattermost"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-264 Permissions, Privileges, and Access Controls"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mattermost.com/security-updates/",
                  "refsource": "MISC",
                  "url": "https://mattermost.com/security-updates/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update Mattermost Playbooks Plugin to version v1.26.0 or higher."
              }
            ],
            "source": {
              "advisory": "MMSA-2022-0096",
              "defect": [
                "https://mattermost.atlassian.net/browse/MM-41939"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2022-1548",
        "datePublished": "2022-05-03T20:11:21.000Z",
        "dateReserved": "2022-05-02T00:00:00.000Z",
        "dateUpdated": "2024-12-06T23:09:11.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1333 (GCVE-0-2022-1333)

    Vulnerability from cvelistv5 – Published: 2022-04-13 17:06 – Updated: 2024-12-06 23:09
    VLAI
    Title
    A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service
    Summary
    Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    URL Tags
    https://mattermost.com/security-updates/ x_refsource_MISC
    Impacted products
    Vendor Product Version
    Mattermost Mattermost Playbooks Affected: Playbooks , ≤ 1.24 (custom)
    Create a notification for this product.
    Credits
    Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.170Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mattermost.com/security-updates/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-1333",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-06T22:53:07.151142Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-06T23:09:55.390Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mattermost Playbooks",
              "vendor": "Mattermost",
              "versions": [
                {
                  "lessThanOrEqual": "1.24",
                  "status": "affected",
                  "version": "Playbooks",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-13T17:06:01.000Z",
            "orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
            "shortName": "Mattermost"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mattermost.com/security-updates/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Mattermost Playbooks Plugin to version v1.25.0 or higher."
            }
          ],
          "source": {
            "advisory": "MMSA-2022-0093",
            "defect": [
              "https://mattermost.atlassian.net/browse/MM-41918"
            ],
            "discovery": "INTERNAL"
          },
          "title": "A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "responsibledisclosure@mattermost.com",
              "ID": "CVE-2022-1333",
              "STATE": "PUBLIC",
              "TITLE": "A specifically drafted Playbook could trigger large amount of webhook requests leading to Denial of Service"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mattermost Playbooks",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "Playbooks",
                                "version_value": "1.24"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mattermost"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Rohitesh Gupta for contributing to this improvement under the Mattermost responsible disclosure policy."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-770 Allocation of Resources Without Limits or Throttling"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mattermost.com/security-updates/",
                  "refsource": "MISC",
                  "url": "https://mattermost.com/security-updates/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update Mattermost Playbooks Plugin to version v1.25.0 or higher."
              }
            ],
            "source": {
              "advisory": "MMSA-2022-0093",
              "defect": [
                "https://mattermost.atlassian.net/browse/MM-41918"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
        "assignerShortName": "Mattermost",
        "cveId": "CVE-2022-1333",
        "datePublished": "2022-04-13T17:06:01.000Z",
        "dateReserved": "2022-04-13T00:00:00.000Z",
        "dateUpdated": "2024-12-06T23:09:55.390Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }