Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rocket.chat rocket.chat - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-44567
A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an malicious user to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). To exploit the v...
Rocket.chat Rocket.chat
7.5
CVSSv2
CVE-2021-22910
A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.
Rocket.chat Rocket.chat
7.5
CVSSv2
CVE-2020-29594
Rocket.Chat prior to 0.74.4, 1.x prior to 1.3.4, 2.x prior to 2.4.13, 3.x prior to 3.7.3, 3.8.x prior to 3.8.3, and 3.9.x prior to 3.9.1 mishandles SAML login.
Rocket.chat Rocket.chat
4.3
CVSSv2
CVE-2018-13878
An XSS issue exists in packages/rocketchat-mentions/Mentions.js in Rocket.Chat prior to 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) in a channel or private chat. Consequently, it is possible to exfiltrate the secret tok...
Rocket.chat Rocket.chat
NA
CVE-2023-28316
A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an malicious user to maintain access to a compromised account even after 2FA is...
Rocket.chat Rocket.chat -
NA
CVE-2023-28317
A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order.
Rocket.chat Rocket.chat -
NA
CVE-2023-28318
A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices.
Rocket.chat Rocket.chat -
NA
CVE-2023-28325
An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room.
Rocket.chat Rocket.chat
NA
CVE-2023-28356
A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU and rendering the service unresponsive.
Rocket.chat Rocket.chat
NA
CVE-2023-28357
A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a us...
Rocket.chat Rocket.chat
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »