CVE-2020-28208
Rocket.Chat 3.7.1 Email Address Enumeration
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
6
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1.
Se presenta una vulnerabilidad de enumeración de direcciones de correo electrónico en la función password reset de Rocket.Chat versiones hasta 3.9.1
Rocket.Chat versions 3.7.1 and below suffers from an email address enumeration vulnerability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-11-04 CVE Reserved
- 2021-01-07 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-10-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-203: Observable Discrepancy
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2021/Jan/32 | Broken Link |
|
| http://seclists.org/fulldisclosure/2021/Jan/43 | Broken Link |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rocket.chat Search vendor "Rocket.chat" | Rocket.chat Search vendor "Rocket.chat" for product "Rocket.chat" | <= 3.9.1 Search vendor "Rocket.chat" for product "Rocket.chat" and version " <= 3.9.1" | - |
Affected
| ||||||