CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-32219
https://notcve.org/view.php?id=CVE-2022-32219
23 Sep 2022 — An information disclosure vulnerability exists in Rocket.Chat
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-32220
https://notcve.org/view.php?id=CVE-2022-32220
23 Sep 2022 — An information disclosure vulnerability exists in Rocket.Chat
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32218
https://notcve.org/view.php?id=CVE-2022-32218
23 Sep 2022 — An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. Se presenta una vulnerabilidad de divulgación de información en Rocket.Chat versiones anteriores a v5, versiones anteriores a v4.8.2 y versiones anteriores a v4.7.5, debido a que fue encontrado que el método actionLinkHandler permite la Enumeración de ID de mensajes con consultas Regex MongoDB. • https://hackerone.com/reports/1406953 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32226
https://notcve.org/view.php?id=CVE-2022-32226
23 Sep 2022 — An improper access control vulnerability exists in Rocket.Chat
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32227
https://notcve.org/view.php?id=CVE-2022-32227
23 Sep 2022 — A cleartext transmission of sensitive information exists in Rocket.Chat
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32228
https://notcve.org/view.php?id=CVE-2022-32228
23 Sep 2022 — An information disclosure vulnerability exists in Rocket.Chat
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-32229
https://notcve.org/view.php?id=CVE-2022-32229
23 Sep 2022 — A information disclosure vulnerability exists in Rockert.Chat
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-35247
https://notcve.org/view.php?id=CVE-2022-35247
23 Sep 2022 — A information disclosure vulnerability exists in Rocket.chat
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-35246
https://notcve.org/view.php?id=CVE-2022-35246
23 Sep 2022 — A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-35248
https://notcve.org/view.php?id=CVE-2022-35248
23 Sep 2022 — A improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login. Se presenta una vulnerabilidad de autenticación inapropiada en Rocket.Chat versiones anteriores a v5, versiones anteriores a v4.8.2 y versiones anteriores a v4.7.5 que permitía omitir la autenticación de dos factores cuando era indicado al servidor que usara CAS durante el inicio de sesión. • https://hackerone.com/reports/1448268 • CWE-287: Improper Authentication •