CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-30124
https://notcve.org/view.php?id=CVE-2022-30124
23 Sep 2022 — An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code). Se presenta una vulnerabilidad de autenticación inapropiada en Rocket.Chat Mobile App versiones anteriores a 4.14.1.22788, que permitía a un atacante con acceso físico a un dispositivo móvil omitir la autenticación local (código PIN). • https://hackerone.com/reports/1126414 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-32211
https://notcve.org/view.php?id=CVE-2022-32211
23 Sep 2022 — A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret. Se presenta una vulnerabilidad de inyección SQL en Rocket.Chat versiones anteriores a v3.18.6, versiones anteriores a v4.4.4 y versiones anteriores a v4.7.3, que puede permitir a un atacante recuperar un token de restablecimiento de contraseña a mediante un secreto 2fa. • https://hackerone.com/reports/1581059 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-32217
https://notcve.org/view.php?id=CVE-2022-32217
23 Sep 2022 — A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs. Se presenta un almacenamiento en texto sin cifrar de información confidencial en Rocket.Chat versiones anteriores a v4.6.4, debido a que el token Oauth es filtrado en texto plano en los registros de Rocket.chat. • https://hackerone.com/reports/1394399 • CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-32229
https://notcve.org/view.php?id=CVE-2022-32229
23 Sep 2022 — A information disclosure vulnerability exists in Rockert.Chat
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-35247
https://notcve.org/view.php?id=CVE-2022-35247
23 Sep 2022 — A information disclosure vulnerability exists in Rocket.chat
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32218
https://notcve.org/view.php?id=CVE-2022-32218
23 Sep 2022 — An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. Se presenta una vulnerabilidad de divulgación de información en Rocket.Chat versiones anteriores a v5, versiones anteriores a v4.8.2 y versiones anteriores a v4.7.5, debido a que fue encontrado que el método actionLinkHandler permite la Enumeración de ID de mensajes con consultas Regex MongoDB. • https://hackerone.com/reports/1406953 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32226
https://notcve.org/view.php?id=CVE-2022-32226
23 Sep 2022 — An improper access control vulnerability exists in Rocket.Chat
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32228
https://notcve.org/view.php?id=CVE-2022-32228
23 Sep 2022 — An information disclosure vulnerability exists in Rocket.Chat
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32227
https://notcve.org/view.php?id=CVE-2022-32227
23 Sep 2022 — A cleartext transmission of sensitive information exists in Rocket.Chat
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-35251
https://notcve.org/view.php?id=CVE-2022-35251
23 Sep 2022 — A cross-site scripting vulnerability exists in Rocket.chat