Trusted IP Header Misconfiguration in Mattermost 6.7.0 and Earlier Allows Rate Limit Bypass and IP Manipulation

CVE-2022-2366 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

An incorrect default configuration for the trusted IP header in Mattermost version 6.7.0 and earlier allows an attacker to bypass some of the rate limits in place, or to have manipulated IP addresses recorded in audit logs, by manipulating request headers.
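The root cause described above is generic: a server that derives the client address from a forwarding header such as `X-Forwarded-For` without first checking that the request actually arrived via a trusted reverse proxy lets any direct client choose the IP under which it is rate limited and logged. The Go program below is an added illustration written for this page, not Mattermost's own code; the trusted-proxy address `10.0.0.5`, the peer addresses and the small fixed-window limiter are all constructed for the example. It contrasts a naive extractor with one that honours the header only when the TCP peer is a known proxy, and shows how many requests of a 50-request burst from a single peer each one lets through under a limit of 10.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// trustedProxies lists the reverse proxies allowed to set forwarding headers.
// Constructed for this example; in a real deployment it comes from configuration.
var trustedProxies = map[string]bool{"10.0.0.5": true}

// naiveClientIP trusts the first X-Forwarded-For entry unconditionally, so a
// directly connected client can pick the address it is rate limited and logged as.
func naiveClientIP(r *http.Request) string {
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		return strings.TrimSpace(strings.Split(xff, ",")[0])
	}
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	return host
}

// safeClientIP uses the header only when the TCP peer is a trusted proxy, and
// then walks the hop list from the right, skipping trusted proxies, to find the
// last address a trusted proxy appended (the real client as seen by the proxy).
func safeClientIP(r *http.Request) string {
	peer, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		peer = r.RemoteAddr
	}
	if !trustedProxies[peer] {
		return peer // direct connection: every header is attacker controlled
	}
	xff := r.Header.Get("X-Forwarded-For")
	if xff == "" {
		return peer
	}
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip := strings.TrimSpace(hops[i])
		if net.ParseIP(ip) == nil {
			return peer // malformed entry: fall back to the peer rather than trust it
		}
		if !trustedProxies[ip] {
			return ip
		}
	}
	return peer
}

// limiter is a minimal fixed-window per-key counter, enough to show the bypass.
type limiter struct {
	limit  int
	counts map[string]int
}

func newLimiter(limit int) *limiter { return &limiter{limit: limit, counts: map[string]int{}} }

func (l *limiter) allow(key string) bool {
	l.counts[key]++
	return l.counts[key] <= l.limit
}

// mkRequest builds a request from the given direct peer carrying the given
// X-Forwarded-For value (constructed test input).
func mkRequest(peer, xff string) *http.Request {
	req, _ := http.NewRequest("GET", "http://example.invalid/api/v4/users/login", nil)
	req.RemoteAddr = peer + ":40000"
	if xff != "" {
		req.Header.Set("X-Forwarded-For", xff)
	}
	return req
}

// simulateBurst sends n requests from one direct peer, each with a different
// spoofed X-Forwarded-For, and returns how many the limiter lets through when
// keyed by keyFn. With a correct extractor the answer is min(n, limit).
func simulateBurst(keyFn func(*http.Request) string, peer string, n, limit int) int {
	l := newLimiter(limit)
	allowed := 0
	for i := 0; i < n; i++ {
		req := mkRequest(peer, fmt.Sprintf("198.51.100.%d", i))
		if l.allow(keyFn(req)) {
			allowed++
		}
	}
	return allowed
}

func main() {
	fmt.Println("naive extractor allows:", simulateBurst(naiveClientIP, "203.0.113.7", 50, 10))
	fmt.Println("safe extractor allows: ", simulateBurst(safeClientIP, "203.0.113.7", 50, 10))
	viaProxy := mkRequest("10.0.0.5", "1.2.3.4, 203.0.113.9")
	fmt.Println("via trusted proxy, naive logs:", naiveClientIP(viaProxy), "safe logs:", safeClientIP(viaProxy))
}
```

The same check protects audit logging: the address written to the log should come from the same trusted-peer-aware function, never from a raw header read. When the server is reachable without a proxy in front of it, the safe extractor ignores the header entirely, which is the behaviour a secure default should give.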