Security Advisory

CVE-2022-2406

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-07-14 17:23:55

Last updated 2024-12-06 23:08:23

Assigner Mattermost

State PUBLISHED

Description

The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API.

← Browse all CVEs View on cve.org ↗