Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rocket.chat rocket.chat vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-32220
An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.
Rocket.chat Rocket.chat
NA
CVE-2022-32226
An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query operator objects are accepted by the server, so that instead of a matching ri...
Rocket.chat Rocket.chat
NA
CVE-2022-32229
A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection.
Rocket.chat Rocket.chat
3.5
CVSSv2
CVE-2020-8288
The `specializedRendering` function in Rocket.Chat server prior to 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter.
Rocket.chat Rocket.chat
4.3
CVSSv2
CVE-2020-8292
Rocket.Chat server prior to 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes.
Rocket.chat Rocket.chat
NA
CVE-2023-28316
A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an malicious user to maintain access to a compromised account even after 2FA is...
Rocket.chat Rocket.chat -
NA
CVE-2023-28317
A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order.
Rocket.chat Rocket.chat -
NA
CVE-2023-28318
A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices.
Rocket.chat Rocket.chat -
NA
CVE-2023-28325
An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room.
Rocket.chat Rocket.chat
NA
CVE-2023-28356
A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU and rendering the service unresponsive.
Rocket.chat Rocket.chat
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »