Miggo Logo
Miggo Vulnerability Database
CVE-2022-4044

CVE-2022-4044: Denial of service in Mattermost

6.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2022-4044
GHSA ID
GHSA-5jph-wrq7-v9hf
EPSS Score
0.6721%
CWE
CWE-770
Published
11/23/2022
Updated
1/29/2023
KEV Status
No
Technology
TechnologyGo

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
github.com/mattermost/mattermost-servergo< 7.1.47.1.4
github.com/mattermost/mattermost-servergo>= 7.2.0, < 7.2.17.2.1
github.com/mattermost/mattermost-servergo>= 7.3.0, < 7.3.17.3.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from missing size validation in two key areas: 1) User store operations handling NotifyProps (insert/update flows), and 2) Data serialization for database storage. The patched code adds validation in both layers. In vulnerable versions, SqlUserStore methods processed user-provided NotifyProps containing autoresponder messages without size checks, while the model utilities serialized this data without resource limits. During exploitation, all these functions would appear in call stacks when processing oversized payloads.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* **ni*l-o*-s*rvi** vuln*r**ility in M*tt*rmost *llows *n *ut**nti**t** us*r to *r*s* t** s*rv*r vi* multipl* l*r** *utor*spon**r m*ss***s.

Reasoning

T** vuln*r**ility st*ms *rom missin* siz* v*li**tion in two k*y *r**s: *) `Us*r` stor* op*r*tions **n*lin* `Noti*yProps` (ins*rt/up**t* *lows), *n* *) **t* s*ri*liz*tion *or **t***s* stor***. T** p*t**** *o** ***s v*li**tion in *ot* l*y*rs. In vuln*r