Rocket.Chat

Rocket.Chat

63 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-44567

  • EPSS 1.66%
  • Veröffentlicht 23.12.2022 15:15:15
  • Zuletzt bearbeitet 15.04.2025 15:16:00

A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L...

5.4

CVE-2022-35251

Exploit
  • EPSS 0.53%
  • Veröffentlicht 23.09.2022 19:15:14
  • Zuletzt bearbeitet 22.05.2025 19:15:34

A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the cont...

4.3

CVE-2022-35250

Exploit
  • EPSS 0.64%
  • Veröffentlicht 23.09.2022 19:15:14
  • Zuletzt bearbeitet 22.05.2025 19:15:33

A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions.

4.3

CVE-2022-35249

Exploit
  • EPSS 0.63%
  • Veröffentlicht 23.09.2022 19:15:14
  • Zuletzt bearbeitet 22.05.2025 19:15:33

A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.

8.8

CVE-2022-35248

Exploit
  • EPSS 1.22%
  • Veröffentlicht 23.09.2022 19:15:14
  • Zuletzt bearbeitet 21.11.2024 07:10:58

A improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login.

4.3

CVE-2022-35247

Exploit
  • EPSS 0.54%
  • Veröffentlicht 23.09.2022 19:15:13
  • Zuletzt bearbeitet 22.05.2025 18:15:24

A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to unauthorized clients.

4.3

CVE-2022-35246

Exploit
  • EPSS 0.6%
  • Veröffentlicht 23.09.2022 19:15:13
  • Zuletzt bearbeitet 22.05.2025 20:15:24

A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access.

6.8

CVE-2022-30124

Exploit
  • EPSS 0.56%
  • Veröffentlicht 23.09.2022 19:15:11
  • Zuletzt bearbeitet 22.05.2025 19:15:30

An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code).

8.8

CVE-2022-32211

Exploit
  • EPSS 1.08%
  • Veröffentlicht 23.09.2022 19:15:11
  • Zuletzt bearbeitet 27.05.2025 19:15:21

A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret.

5.3

CVE-2022-32217

Exploit
  • EPSS 0.55%
  • Veröffentlicht 23.09.2022 19:15:11
  • Zuletzt bearbeitet 22.05.2025 19:15:31

A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs.