CVE-2023-28317
- EPSS 0.09%
- Published 09.05.2023 22:15:10
- Last modified 28.01.2025 21:15:14
A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order.
CVE-2023-28316
- EPSS 0.31%
- Published 09.05.2023 22:15:09
- Last modified 28.01.2025 21:15:14
A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised a...
CVE-2023-23911
- EPSS 0.15%
- Published 10.03.2023 22:15:10
- Last modified 21.11.2024 07:47:05
An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room.
CVE-2023-23917
- EPSS 0.94%
- Published 23.02.2023 20:15:13
- Last modified 12.03.2025 18:15:24
A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to achieve RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud...
CVE-2022-44567
- EPSS 5.88%
- Published 23.12.2022 15:15:15
- Last modified 15.04.2025 15:16:00
A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L...
CVE-2022-35248
- EPSS 0.3%
- Published 23.09.2022 19:15:14
- Last modified 21.11.2024 07:10:58
An improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two-factor authentication to be bypassed when telling the server to use CAS during login.
CVE-2022-35251
- EPSS 0.27%
- Published 23.09.2022 19:15:14
- Last modified 22.05.2025 19:15:34
A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the cont...
CVE-2022-35250
- EPSS 0.35%
- Published 23.09.2022 19:15:14
- Last modified 22.05.2025 19:15:33
A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions.
CVE-2022-35249
- EPSS 0.2%
- Published 23.09.2022 19:15:14
- Last modified 22.05.2025 19:15:33
An information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel Meteor server method discloses messages from private channels and direct messages regardless of the user's access permission to the room.
CVE-2022-35247
- EPSS 0.27%
- Published 23.09.2022 19:15:13
- Last modified 22.05.2025 18:15:24
An information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leaks channel members with special roles to unauthorized clients.