
CVSS: 5.3 | EPSS: 2% | CPEs: 1 | EXPL: 6

An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1. Rocket.Chat versions 3.7.1 and below suffer from an email address enumeration vulnerability.

• http://packetstormsecurity.com/files/160845/Rocket.Chat-3.7.1-Email-Address-Enumeration.html
• http://seclists.org/fulldisclosure/2021/Jan/32
• http://seclists.org/fulldisclosure/2021/Jan/43
• http://www.openwall.com/lists/oss-security/2021/01/07/1
• http://www.openwall.com/lists/oss-security/2021/01/08/1
• http://www.openwall.com/lists/oss-security/2021/01/13/1
• https://trovent.github.io/security-advisories/TRSA-2010-01/TRSA-2010-01.txt
• https://trovent.io/security-advisory-201

• CWE-203: Observable Discrepancy

CVSS: 9.8 | EPSS: 0% | CPEs: 6 | EXPL: 0

Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login.

• https://github.com/RocketChat/Rocket.Chat/compare/3.8.2...3.8.3
• https://github.com/RocketChat/Rocket.Chat/releases/tag/3.9.1