Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rocket.chat rocket.chat vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-22892
An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks.
Rocket.chat Rocket.chat
Rocket.chat Rocket.chat 3.12.3
Rocket.chat Rocket.chat 3.12.4
Rocket.chat Rocket.chat 3.12.5
383
VMScore
CVE-2017-1000054
Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.
Rocketchat Rocket.chat 0.11.0
Rocketchat Rocket.chat 0.29.0
Rocketchat Rocket.chat 0.26.0
Rocketchat Rocket.chat 0.23.0
Rocketchat Rocket.chat 0.49.1
Rocketchat Rocket.chat 0.28.0
Rocketchat Rocket.chat 0.16.0
Rocketchat Rocket.chat 0.25.0
Rocketchat Rocket.chat 0.44.0
Rocketchat Rocket.chat 0.57.0
Rocketchat Rocket.chat 0.21.0
Rocketchat Rocket.chat 0.57.2
Rocketchat Rocket.chat 0.37.0
Rocketchat Rocket.chat 0.52.0
Rocketchat Rocket.chat 0.49.4
Rocketchat Rocket.chat 0.54.2
Rocketchat Rocket.chat 0.47.0
Rocketchat Rocket.chat 0.31.0
Rocketchat Rocket.chat 0.55.0
Rocketchat Rocket.chat 0.47.1
Rocketchat Rocket.chat 0.48.0
Rocketchat Rocket.chat 0.18.0
670
VMScore
CVE-2021-22911
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
Rocket.chat Rocket.chat 3.11.0
Rocket.chat Rocket.chat 3.12.0
Rocket.chat Rocket.chat 3.13.0
10 Github repositories
383
VMScore
CVE-2021-22886
Rocket.Chat prior to 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote malicious user to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop ap...
Rocket.chat Rocket.chat
Rocket.chat Rocket.chat 3.11.0
NA
CVE-2023-28357
A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a us...
Rocket.chat Rocket.chat
435
VMScore
CVE-2019-17220
Rocket.Chat prior to 2.1.0 allows XSS via a URL on a ![title] line.
Rocket.chat Rocket.chat
1 EDB exploit
668
VMScore
CVE-2020-29594
Rocket.Chat prior to 0.74.4, 1.x prior to 1.3.4, 2.x prior to 2.4.13, 3.x prior to 3.7.3, 3.8.x prior to 3.8.3, and 3.9.x prior to 3.9.1 mishandles SAML login.
Rocket.chat Rocket.chat
NA
CVE-2022-32211
A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an malicious user to retrieve a reset password token through or a 2fa secret.
Rocket.chat Rocket.chat
NA
CVE-2022-32217
A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs.
Rocket.chat Rocket.chat
NA
CVE-2022-32229
A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection.
Rocket.chat Rocket.chat
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »