PT-2022-13806 · Mattermost · Mattermost Playbooks Plugin

Rohitesh Gupta · Published 2022-04-13 · Updated 2022-04-21 · CVE-2022-1333

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Mattermost Playbooks plugin versions 1.24.0 and earlier

Description

The Mattermost Playbooks plugin fails to properly check the limit on the number of webhooks. This allows authenticated and authorized users to create a specially crafted Playbook that could trigger a large number of webhook requests, leading to denial of service.

Recommendations

For Mattermost Playbooks plugin versions 1.24.0 and earlier, as a temporary workaround, consider restricting the creation of new Playbooks or limiting the number of webhook requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2022-1333

Affected Products

Mattermost Playbooks Plugin