CVE-2022-4019 Authenticated user could send multiple requests containing a large payload to a Playbooks API and can crash a Mattermost server

🗓️ 23 Nov 2022 05:32:15Reported by MattermostType

Authenticated user causing denial-of-service vulnerability in Mattermost Playbooks plugi

Reporter	Title	Published	Views	Family All 19
Circl	CVE-2022-4019	23 Nov 202212:13	–	circl
CNNVD	Mattermost 安全漏洞	23 Nov 202200:00	–	cnnvd
CVE	CVE-2022-4019	23 Nov 202205:32	–	cve
EUVD	EUVD-2022-51398	3 Oct 202520:07	–	euvd
Hacker One	Mattermost: DoS via Playbook	31 Aug 202200:41	–	hackerone
Tenable Nessus	Mattermost Server < 7.1.4 / 7.2.x < 7.2.1 / 7.3.x < 7.3.1 DoS (MMSA-2022-00118)	2 Dec 202200:00	–	nessus
NVD	CVE-2022-4019	23 Nov 202206:15	–	nvd
OSV	CGA-CR3C-CHQP-XRVM	25 Sep 202402:09	–	osv
OSV	CGA-Q2W5-CXHM-CH97	25 Sep 202405:31	–	osv
OSV	CGA-Q428-HVH3-33QW	24 Jul 202515:46	–	osv

[
  {
    "defaultStatus": "unaffected",
    "product": "Playbooks Plugin",
    "vendor": "Mattermost",
    "versions": [
      {
        "lessThanOrEqual": "7.1.3",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "7.1.*",
        "status": "unaffected",
        "version": "7.1.4",
        "versionType": "semver"
      },
      {
        "lessThan": "7.2.1",
        "status": "affected",
        "version": "7.2.0",
        "versionType": "semver"
      },
      {
        "lessThan": "7.3.1",
        "status": "affected",
        "version": "7.3.0",
        "versionType": "semver"
      },
      {
        "status": "unaffected",
        "version": "7.4.0"
      }
    ]
  }
]

Source	Link
hackerone	www.hackerone.com/reports/1685979
mattermost	www.mattermost.com/security-updates/

23 Nov 2022 05:32Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.14.3

EPSS0.00636

CWE-770