CVE-2021-22911
An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, potentially resulting in RCE.
Affected products
n/a · Rocket.Chat server
Public PoCs found: 15
github · github.com/CsEnox/CVE-2021-22911 · ★ 61
github · github.com/optionalCTF/Rocket.Chat-Automated-Account-Takeover-RCE-CVE-2021-22911 · ★ 9
github · github.com/Faridi-m/CVE-2021-22911-RocketChat · ★ 1
github · github.com/overgrowncarrot1/CVE-2021-22911 · ★ 0
github · github.com/yoohhuu/Rocket-Chat-3.12.1-PoC-CVE-2021-22911- · ★ 0
github · github.com/octodi/CVE-2021-22911 · ★ 0
github · github.com/TeneBrae93/RocketChat-NoSQLi-Chain-CVE-2021-22911 · ★ 0
github · github.com/MrDottt/CVE-2021-22911 · ★ 0
github · github.com/jayngng/CVE-2021-22911 · ★ 0
github · github.com/ChrisPritchard/CVE-2021-22911-rust · ★ 0
github · github.com/roshanrajbanshi/rocketcat-cve-2021-22911-exploit · ★ 0
cve_reference · packetstormsecurity.com/files/162997/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html · unverified
exploitdb · www.exploit-db.com/exploits/49960 · unverified
exploitdb · www.exploit-db.com/exploits/50108 · unverified
cve_reference · packetstormsecurity.com/files/163419/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html · unverified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/162997/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html
http://packetstormsecurity.com/files/163419/Rocket.Chat-3.12.1-NoSQL-Injection-Code-Execution.html
https://blog.sonarsource.com/nosql-injections-in-rocket-chat
https://hackerone.com/reports/1130721