
CVSS: 7.5 | EPSS: 0% | CPEs: 5 | EXPL: 1

An information disclosure vulnerability exists in the Rocket.Chat server, fixed in v3.13, v3.12.2 & v3.11.3, that allowed email addresses to be disclosed by enumeration and validation checks. • https://hackerone.com/reports/1089116 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-203: Observable Discrepancy

CVSS: 9.8 | EPSS: 95% | CPEs: 3 | EXPL: 12

An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, potentially resulting in RCE. • https://www.exploit-db.com/exploits/49960 https://www.exploit-db.com/exploits/50108 https://github.com/CsEnox/CVE-2021-22911 https://github.com/optionalCTF/Rocket.Chat-Automated-Account-Takeover-RCE-CVE-2021-22911 https://github.com/jayngng/CVE-2021-22911 https://github.com/overgrowncarrot1/CVE-2021-22911 https://github.com/MrDottt/CVE-2021-22911 https://github.com/ChrisPritchard/CVE-2021-22911-rust http://packetstormsecurity.com/files/162997/Rocket.Chat-3.12.1-NoSQL-Injection-Code- • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)