CVE-2022-4019

Summary

A denial-of-service vulnerability in the Mattermost Playbooks plugin allows an authenticated user to crash the server via multiple large requests to one of the Playbooks API endpoints.

Affected Software

VendorProductVersion RangeStatus
MattermostPlaybooks Plugin1.0.0 <= 7.1.3affected
MattermostPlaybooks Plugin7.1.4 <= 7.1.*unaffected
MattermostPlaybooks Plugin7.2.0 < 7.2.1affected
MattermostPlaybooks Plugin7.3.0 < 7.3.1affected
MattermostPlaybooks Plugin7.4.0unaffected

Weaknesses

  • CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References