CVE-2022-1333 LOW

CVE-2022-1333: A specifically drafted Playbook could trigger a large amount of webhook requests, leading to Denial of Service

Vendor: Mattermost
Product: Mattermost Playbooks
Weakness: CWE-770 · Uncontrolled resource consumption
Published: April 13, 2022
Last update: December 6, 2024

CVSS base score

3.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Confidentiality: None
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

What the vulnerability does

01 Description

Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks. This allows authenticated and authorized users to create a specifically drafted Playbook that could trigger a large amount of webhook requests, leading to Denial of Service.

Key dates

02 Disclosure timeline

April 13, 2022: CVE published
December 6, 2024: Record updated