
CVE-2022-35249
https://notcve.org/view.php?id=CVE-2022-35249
23 Sep 2022 — An information disclosure vulnerability exists in Rocket.Chat

CVE-2022-35246
https://notcve.org/view.php?id=CVE-2022-35246
23 Sep 2022 — A NoSQL injection information disclosure vulnerability exists in Rocket.Chat

CVE-2022-35248
https://notcve.org/view.php?id=CVE-2022-35248
23 Sep 2022 — An improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two-factor authentication to be bypassed by telling the server to use CAS during login. • https://hackerone.com/reports/1448268 • CWE-287: Improper Authentication •
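The bug class behind this entry (the server skipping the second factor because the client claimed a CAS login) can be shown with a small login handler. This is an added, hypothetical illustration written for this page; it is not Rocket.Chat code, and the handler names, the in-memory user table, the fixed TOTP code and the CAS ticket allowlist are all constructed fixtures.

```javascript
// Added example (not Rocket.Chat's code). Constructed user store: one user
// with a password and 2FA turned on.
const users = new Map([
  ["alice", { password: "correct horse", twoFactorEnabled: true }],
]);

// Stand-in for TOTP verification; a real server would use a TOTP library
// keyed on the user's secret. Fixed code is a constructed fixture.
function verifyTotp(user, code) {
  return code === "123456";
}

function verifyPassword(user, password) {
  return user.password === password;
}

// Stand-in for validating a CAS service ticket against the CAS server.
// Only tickets in this constructed allowlist are treated as valid.
const validCasTickets = new Map([["ST-abc", "alice"]]);
function validateCasTicket(ticket) {
  return validCasTickets.get(ticket) || null;
}

// VULNERABLE pattern: the client sends `cas: true` and the server takes that
// flag as proof that an external IdP handled authentication, so it never
// asks for the second factor. Anyone holding just the password logs in.
function loginVulnerable(req) {
  const user = users.get(req.username);
  if (!user || !verifyPassword(user, req.password)) {
    return { ok: false, reason: "bad credentials" };
  }
  if (req.cas) {
    return { ok: true, via: "cas", username: req.username }; // 2FA skipped on the client's word
  }
  if (user.twoFactorEnabled && !verifyTotp(user, req.totp)) {
    return { ok: false, reason: "2fa required" };
  }
  return { ok: true, via: "password", username: req.username };
}

// HARDENED pattern: the authentication method is whatever the server itself
// verified. A CAS login is only a CAS login if a ticket validates; a
// password login always goes through the local second factor.
function loginHardened(req) {
  if (req.casTicket !== undefined) {
    const username = validateCasTicket(req.casTicket);
    if (!username) {
      return { ok: false, reason: "invalid CAS ticket" };
    }
    return { ok: true, via: "cas", username };
  }
  const user = users.get(req.username);
  if (!user || !verifyPassword(user, req.password)) {
    return { ok: false, reason: "bad credentials" };
  }
  if (user.twoFactorEnabled && !verifyTotp(user, req.totp)) {
    return { ok: false, reason: "2fa required" };
  }
  return { ok: true, via: "password", username: req.username };
}
```

The hardened handler still lets a validated CAS ticket skip the local TOTP step; whether SSO logins should also be subject to the local second factor is a policy decision. The point of the example is narrower: the branch that skips the factor must be selected by something the server verified, never by a flag in the request body.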

CVE-2022-35251
https://notcve.org/view.php?id=CVE-2022-35251
23 Sep 2022 — A cross-site scripting vulnerability exists in Rocket.chat

CVE-2022-35250
https://notcve.org/view.php?id=CVE-2022-35250
23 Sep 2022 — A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible for any authenticated user to view direct messages without the appropriate permissions. • https://hackerone.com/reports/917946 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2022-21830
https://notcve.org/view.php?id=CVE-2022-21830
01 Apr 2022 — A blind self-XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim into pasting malicious code into their chat instance. • https://hackerone.com/reports/1091118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-8291
https://notcve.org/view.php?id=CVE-2020-8291
18 Oct 2021 — A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks. • https://github.com/RocketChat/Rocket.Chat/pull/19854 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-32832 – ReDOS in Rocket.Chat
https://notcve.org/view.php?id=CVE-2021-32832
30 Aug 2021 — Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could potentially lead to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13. • https://docs.rocket.chat/guides/security/security-updates • CWE-400: Uncontrolled Resource Consumption •
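The page does not say which expressions were affected, so the following is a generic added example of the usual defence when a regular expression is built from user input (a search box, a username prefix): escape the input so it is matched literally, cap its length, and lint fixed patterns for nested quantifiers. This is not Rocket.Chat's patch; the function names and the name list are constructed for the example.

```javascript
// Added example, not the project's fix. Escape every regex metacharacter so
// user-supplied text like "(a+)+$" is compiled as a literal string rather
// than as a nested-quantifier pattern that backtracks exponentially.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Upper bound on search input before it reaches the regex engine; the
// value is an assumption chosen for the example.
const MAX_SEARCH_LEN = 64;

// Build a case-insensitive "starts with" matcher from untrusted input.
function buildPrefixSearch(userInput) {
  if (typeof userInput !== "string") {
    throw new TypeError("search term must be a string");
  }
  if (userInput.length > MAX_SEARCH_LEN) {
    throw new RangeError("search term too long");
  }
  return new RegExp("^" + escapeRegExp(userInput), "i");
}

// Filter a constructed list of names the way an autocomplete endpoint might.
function searchUsernames(names, userInput) {
  const re = buildPrefixSearch(userInput);
  return names.filter((n) => re.test(n));
}

// Rough structural lint for fixed patterns kept in code or config: flags a
// quantified group whose body is itself quantified, e.g. (a+)+ or (\d*)*,
// the classic catastrophic-backtracking shape. It does not catch every
// ReDoS form (overlapping alternations such as (a|aa)+ pass), so treat it
// as a first filter, not a proof of safety.
function looksCatastrophic(pattern) {
  return /\([^()]*[+*][^()]*\)[+*]/.test(pattern);
}
```

Escaping is the right tool when the input is meant to be searched for literally; if users are genuinely allowed to write their own patterns, the engine needs a backtracking limit or a linear-time regex implementation, because no escaping applies.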

CVE-2021-22910
https://notcve.org/view.php?id=CVE-2021-22910
09 Aug 2021 — A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE. • https://blog.sonarsource.com/nosql-injections-in-rocket-chat • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •
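The mechanism of a NoSQL injection against a MongoDB-backed JavaScript server is that a JSON request body can carry an object where the code expects a string, and that object is spliced into the query filter as operators. The block below is an added example written for this page, not Rocket.Chat's code: it uses a tiny in-memory evaluator for three MongoDB operators so it runs offline, a constructed users collection, and hypothetical handler names. The real database understands many more operators, which only makes the point stronger.

```javascript
// Added example, not Rocket.Chat's code. Constructed stand-in for a MongoDB
// "users" collection; hashes are placeholder strings.
const users = [
  { username: "alice", resetToken: "tok-a1", roles: ["admin"] },
  { username: "bob",   resetToken: "tok-b2", roles: ["user"] },
];

// Minimal evaluator for a subset of MongoDB filter semantics. It exists so
// the example runs without a database; only $eq, $ne and $regex are modelled.
function matches(docValue, condition) {
  const isOperatorObject =
    condition !== null && typeof condition === "object" && !Array.isArray(condition);
  if (!isOperatorObject) {
    return docValue === condition; // plain equality, the case the code intended
  }
  return Object.entries(condition).every(([op, arg]) => {
    switch (op) {
      case "$eq":    return docValue === arg;
      case "$ne":    return docValue !== arg;
      case "$regex": return new RegExp(arg).test(String(docValue));
      default:       throw new Error(`unsupported operator in example: ${op}`);
    }
  });
}

function find(collection, filter) {
  return collection.filter((doc) =>
    Object.entries(filter).every(([field, cond]) => matches(doc[field], cond))
  );
}

// VULNERABLE: the request body value goes straight into the filter. A body of
// {"username": {"$regex": "^a"}} or {"username": {"$ne": ""}} turns the
// intended equality lookup into an operator query, and a $regex that is
// guessed one character at a time leaks values the caller never named.
function lookupUserVulnerable(body) {
  return find(users, { username: body.username });
}

// HARDENED: only a primitive string may reach the filter. Rejecting objects
// and arrays means no key beginning with "$" can become an operator.
function assertPlainString(value, name) {
  if (typeof value !== "string") {
    throw new TypeError(`${name} must be a string, got ${typeof value}`);
  }
  return value;
}

function lookupUserHardened(body) {
  return find(users, { username: assertPlainString(body.username, "username") });
}

// Defence-in-depth helper: recursively flag any "$"-prefixed key in a
// request body before it is handed to any query builder.
function containsOperator(value) {
  if (value === null || typeof value !== "object") return false;
  return Object.entries(value).some(
    ([k, v]) => k.startsWith("$") || containsOperator(v)
  );
}
```

Two things to take from the example. First, the string/object check has to happen at the boundary where JSON is parsed, because once the object is inside a filter nothing downstream can tell intended operators from injected ones. Second, the `$regex` arm shows why this entry and the ReDoS entry above are related: an attacker who controls the pattern controls both what is matched and how much backtracking the server does.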

CVE-2020-26763
https://notcve.org/view.php?id=CVE-2020-26763
05 Jul 2021 — The Rocket.Chat desktop application 2.17.11 opens external links without user interaction. • https://github.com/RocketChat/Rocket.Chat.Electron/pull/1710 •