English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

Rocket.Chat 3.3.0 Release Candidate 1

CPE Details

Rocket.Chat 3.3.0 Release Candidate 1
rocket.chat
rocket.chat
3.3.0
2021-01-12 12:24 +00:00
2021-01-12 12:24 +00:00
CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:a:rocket.chat:rocket.chat:3.3.0:rc1:*:*:*:*:*:*

Informations

Vendor

rocket.chat

Product

rocket.chat

Version

3.3.0

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-28325 2023-05-10 22:00 +00:00 An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room.
6.5
MEDIUM
CVE-2023-28356 2023-05-10 22:00 +00:00 A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU and rendering the service unresponsive.
7.5
HIGH
CVE-2023-28357 2023-05-10 22:00 +00:00 A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a member of a channel that they do not have access to.
4.3
MEDIUM
CVE-2023-28358 2023-05-10 22:00 +00:00 A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. This can be exploited on servers with content security policy disabled possible leading to some issues attacks like account takeover.
6.1
MEDIUM
CVE-2023-28359 2023-05-10 22:00 +00:00 A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact.
5.3
MEDIUM
CVE-2023-23911 2023-03-09 23:00 +00:00 An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room.
7.5
HIGH
CVE-2023-23917 2023-02-22 23:00 +00:00 A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may increase the impact of XSS to RCE which is dangerous for self-hosted users as well.
8.8
HIGH
CVE-2022-44567 2022-12-22 23:00 +00:00 A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). To exploit the vulnerability, the internal video chat window must be disabled or a Mac App Store build must be used (internalVideoChatWindow.ts#L14). The vulnerability may be exploited by an XSS attack because the function openInternalVideoChatWindow is exposed in the Rocket.Chat-Desktop-API.
9.8
CRITICAL
CVE-2022-30124 2022-09-23 16:28 +00:00 An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code).
6.8
MEDIUM
CVE-2022-32211 2022-09-23 16:28 +00:00 A SQL injection vulnerability exists in Rocket.Chat
8.8
HIGH
CVE-2022-32217 2022-09-23 16:28 +00:00 A cleartext storage of sensitive information exists in Rocket.Chat
5.3
MEDIUM
CVE-2022-32219 2022-09-23 16:28 +00:00 An information disclosure vulnerability exists in Rocket.Chat
4.3
MEDIUM
CVE-2022-32220 2022-09-23 16:28 +00:00 An information disclosure vulnerability exists in Rocket.Chat
6.5
MEDIUM
CVE-2022-32218 2022-09-23 16:28 +00:00 An information disclosure vulnerability exists in Rocket.Chat
4.3
MEDIUM
CVE-2022-32226 2022-09-23 16:28 +00:00 An improper access control vulnerability exists in Rocket.Chat
4.3
MEDIUM
CVE-2022-32227 2022-09-23 16:28 +00:00 A cleartext transmission of sensitive information exists in Rocket.Chat
6.5
MEDIUM
CVE-2022-32228 2022-09-23 16:28 +00:00 An information disclosure vulnerability exists in Rocket.Chat
4.3
MEDIUM
CVE-2022-32229 2022-09-23 16:28 +00:00 A information disclosure vulnerability exists in Rockert.Chat
4.3
MEDIUM
CVE-2022-35247 2022-09-23 16:28 +00:00 A information disclosure vulnerability exists in Rocket.chat
4.3
MEDIUM
CVE-2022-35246 2022-09-23 16:28 +00:00 A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat
4.3
MEDIUM
CVE-2022-35248 2022-09-23 16:28 +00:00 A improper authentication vulnerability exists in Rocket.Chat
8.8
HIGH
CVE-2022-35249 2022-09-23 16:28 +00:00 A information disclosure vulnerability exists in Rocket.Chat
4.3
MEDIUM
CVE-2022-35250 2022-09-23 16:28 +00:00 A privilege escalation vulnerability exists in Rocket.chat
4.3
MEDIUM
CVE-2022-35251 2022-09-23 16:28 +00:00 A cross-site scripting vulnerability exists in Rocket.chat
5.4
MEDIUM
CVE-2020-8291 2021-10-18 10:48 +00:00 A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks.
6.1
MEDIUM
CVE-2021-32832 2021-08-30 18:55 +00:00 Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.
6.5
MEDIUM
CVE-2021-22910 2021-08-09 10:27 +00:00 A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.
9.8
CRITICAL
CVE-2021-22892 2021-05-27 09:14 +00:00 An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks.
7.5
HIGH
CVE-2021-22886 2021-03-26 17:15 +00:00 Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app.
6.1
MEDIUM
CVE-2020-8292 2021-01-21 18:13 +00:00 Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes.
5.4
MEDIUM
CVE-2020-8288 2021-01-21 18:13 +00:00 The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter.
5.4
MEDIUM
CVE-2020-28208 2021-01-08 16:26 +00:00 An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1.
5.3
MEDIUM
CVE-2020-29594 2020-12-30 05:17 +00:00 Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login.
9.8
CRITICAL
CVE-2020-15926 2020-08-18 18:50 +00:00 Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side.
6.1
MEDIUM

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.