PT-2021-24341 · Mattermost · Mattermost
Agniva De · Published 2021-11-08 · Updated 2024-08-21 · CVE-2022-1337
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Mattermost versions 6.4.1 and earlier
Description:
The issue is in the image proxy component and can lead to resource exhaustion. An authenticated attacker can crash the server by linking to very large image files, because the server allocates memory for multiple copies of the proxied image.
Recommendations:
For Mattermost versions 6.4.1 and earlier, consider disabling the image proxy component as a temporary workaround until a patch is available. Restrict access to large image files to minimize the risk of exploitation.
Fix
Resource Exhaustion
Allocation of Resources Without Limits
Related Identifiers
Affected Products
Mattermost