This CVE has been marked Rejected in the CVE List. These CVEs are stored in the NVD, but do not show up in search results by default.
Current Description
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This candidate is a reservation duplicate of [CVE-2021-37866]. Notes: All CVE users should reference [CVE-2021-37866] instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Mattermost Focalboard versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1, as used respectively in Mattermost versions prior to v5.37.6, v5.39.3, v6.0.4, v6.1.1 and v6.2.0, are vulnerable to Insufficient Session Expiration. When a user initiates a logout, their session is not invalidated properly. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies, using techniques such as XSS attacks, to completely take over a victim account.
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Removed | CVSS V3.1 | WhiteSource AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |
| Removed | CWE | WhiteSource CWE-613 | |
| Removed | Reference | https://github.com/mattermost/focalboard/commit/0142c114e9325722d6c8e8ca00f10f0f34dd0409 [Patch, Third Party Advisory] | |
| Removed | Reference | https://github.com/mattermost/focalboard/commit/0ebc9a4be110764a2510bf886531f21e21b079ea [Patch, Third Party Advisory] | |
| Removed | Reference | https://github.com/mattermost/focalboard/commit/2f08c6782762e58e008bd50f3892cb1cdd1be539 [Patch, Third Party Advisory] | |
| Removed | Reference | https://github.com/mattermost/focalboard/commit/6104de5ba51f79d749b9d5406fde5c2983fc5c5c [Patch, Third Party Advisory] | |
| Removed | Reference | https://github.com/mattermost/focalboard/commit/87f4dd224c8736778a8f23788a92471b11da9061 [Patch, Third Party Advisory] | |
| Removed | Reference | https://github.com/mattermost/focalboard/commit/a2fab2c1d9b3f61871f6da4dc434a2b19ca9552c [Patch, Third Party Advisory] | |
| Removed | Reference | https://github.com/mattermost/mattermost-server/commit/0a042ca05fefa0584045bab1b7dae102360c98c5 [Patch, Third Party Advisory] | |
| Removed | Reference | https://github.com/mattermost/mattermost-server/commit/5f7fd34956ad5bf7e3697a920e377e11c16dda06 [Patch, Third Party Advisory] | |
| Removed | Reference | https://github.com/mattermost/mattermost-server/commit/6a4c881450973284c3ed98f39bde4809ddd8a758 [Patch, Third Party Advisory] | |
| Removed | Reference | https://github.com/mattermost/mattermost-server/commit/74e87ec3e623202a9654ae164e834cfe26dd6ec3 [Patch, Third Party Advisory] | |
| Removed | Reference | https://github.com/mattermost/mattermost-server/commit/7bc182de9eebb708d62b828213144a1aa4560fa0 [Patch, Third Party Advisory] | |
| Removed | Reference | https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22122 [Exploit, Patch, Third Party Advisory] | |
CVE Rejected by Mend 2/02/2022 12:15:10 PM

Initial Analysis by NIST 1/24/2022 12:08:00 PM

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V2 | | NIST (AV:N/AC:L/Au:N/C:P/I:P/A:P) |
| Added | CPE Configuration | | OR<br>`*cpe:2.3:a:mattermost:focalboard:*:*:*:*:*:*:*:*` versions up to (excluding) 0.7.5<br>`*cpe:2.3:a:mattermost:focalboard:*:*:*:*:*:*:*:*` versions from (including) 0.8.0 up to (excluding) 0.8.4<br>`*cpe:2.3:a:mattermost:focalboard:*:*:*:*:*:*:*:*` versions from (including) 0.9.0 up to (excluding) 0.9.5<br>`*cpe:2.3:a:mattermost:focalboard:*:*:*:*:*:*:*:*` versions from (including) 0.10.0 up to (excluding) 0.10.1 |
| Changed | Reference Type | https://github.com/mattermost/focalboard/commit/0142c114e9325722d6c8e8ca00f10f0f34dd0409 No Types Assigned | https://github.com/mattermost/focalboard/commit/0142c114e9325722d6c8e8ca00f10f0f34dd0409 Patch, Third Party Advisory |
| Changed | Reference Type | https://github.com/mattermost/focalboard/commit/0ebc9a4be110764a2510bf886531f21e21b079ea No Types Assigned | https://github.com/mattermost/focalboard/commit/0ebc9a4be110764a2510bf886531f21e21b079ea Patch, Third Party Advisory |
| Changed | Reference Type | https://github.com/mattermost/focalboard/commit/2f08c6782762e58e008bd50f3892cb1cdd1be539 No Types Assigned | https://github.com/mattermost/focalboard/commit/2f08c6782762e58e008bd50f3892cb1cdd1be539 Patch, Third Party Advisory |
| Changed | Reference Type | https://github.com/mattermost/focalboard/commit/6104de5ba51f79d749b9d5406fde5c2983fc5c5c No Types Assigned | https://github.com/mattermost/focalboard/commit/6104de5ba51f79d749b9d5406fde5c2983fc5c5c Patch, Third Party Advisory |
| Changed | Reference Type | https://github.com/mattermost/focalboard/commit/87f4dd224c8736778a8f23788a92471b11da9061 No Types Assigned | https://github.com/mattermost/focalboard/commit/87f4dd224c8736778a8f23788a92471b11da9061 Patch, Third Party Advisory |
| Changed | Reference Type | https://github.com/mattermost/focalboard/commit/a2fab2c1d9b3f61871f6da4dc434a2b19ca9552c No Types Assigned | https://github.com/mattermost/focalboard/commit/a2fab2c1d9b3f61871f6da4dc434a2b19ca9552c Patch, Third Party Advisory |
| Changed | Reference Type | https://github.com/mattermost/mattermost-server/commit/0a042ca05fefa0584045bab1b7dae102360c98c5 No Types Assigned | https://github.com/mattermost/mattermost-server/commit/0a042ca05fefa0584045bab1b7dae102360c98c5 Patch, Third Party Advisory |
| Changed | Reference Type | https://github.com/mattermost/mattermost-server/commit/5f7fd34956ad5bf7e3697a920e377e11c16dda06 No Types Assigned | https://github.com/mattermost/mattermost-server/commit/5f7fd34956ad5bf7e3697a920e377e11c16dda06 Patch, Third Party Advisory |
| Changed | Reference Type | https://github.com/mattermost/mattermost-server/commit/6a4c881450973284c3ed98f39bde4809ddd8a758 No Types Assigned | https://github.com/mattermost/mattermost-server/commit/6a4c881450973284c3ed98f39bde4809ddd8a758 Patch, Third Party Advisory |
| Changed | Reference Type | https://github.com/mattermost/mattermost-server/commit/74e87ec3e623202a9654ae164e834cfe26dd6ec3 No Types Assigned | https://github.com/mattermost/mattermost-server/commit/74e87ec3e623202a9654ae164e834cfe26dd6ec3 Patch, Third Party Advisory |
| Changed | Reference Type | https://github.com/mattermost/mattermost-server/commit/7bc182de9eebb708d62b828213144a1aa4560fa0 No Types Assigned | https://github.com/mattermost/mattermost-server/commit/7bc182de9eebb708d62b828213144a1aa4560fa0 Patch, Third Party Advisory |
| Changed | Reference Type | https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22122 No Types Assigned | https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22122 Exploit, Patch, Third Party Advisory |
Quick Info
CVE Dictionary Entry: CVE-2022-22122
NVD Published Date: 01/13/2022
NVD Last Modified: 11/06/2023
Source: Mend