Rocket.Chat Exposure

Live chat
Exposure score: 34
Sites using it: 286
Under active exploitation: 0
Critical: 4

CVEs

41 results
CVE-2024-39713 (HIGH, EPSS 3.2%): A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.
CVE-2021-22886 (EPSS 1.7%): Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a r
CVE-2021-32832 (MEDIUM, EPSS 1.6%): ReDOS in Rocket.Chat
CVE-2022-35248 (EPSS 1.2%): An improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypasse
CVE-2022-32211 (HIGH, EPSS 1.1%): A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password t
CVE-2023-23917 (HIGH, EPSS 1.0%): A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Any u
CVE-2022-32220 (MEDIUM, EPSS 0.8%): An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses message
CVE-2023-28316 (CRITICAL, EPSS 0.7%): A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not i
CVE-2023-28356 (HIGH, EPSS 0.7%): A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to ente
CVE-2022-32219 (MEDIUM, EPSS 0.7%): An information disclosure vulnerability exists in Rocket.Chat <v4.7.5 which allowed the "users.list" REST endpoint gets a query parameter fr
CVE-2022-32229 (MEDIUM, EPSS 0.7%): An information disclosure vulnerability exists in Rocket.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and
CVE-2022-32228 (MEDIUM, EPSS 0.7%): An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does n
CVE-2022-32218 (MEDIUM, EPSS 0.7%): An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allo
CVE-2022-32226 (MEDIUM, EPSS 0.7%): An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor serve
CVE-2026-48929 (HIGH, EPSS 0.6%): Rocket.Chat in versions <8.5.1, <8.4.4, <8.3.6, <8.2.6, <8.1.6, <8.0.7, <7.13.9, and <7.10.13 is vulnerable to unauthenticated file deletion
CVE-2022-35250 (MEDIUM, EPSS 0.6%): A privilege escalation vulnerability exists in Rocket.Chat <v5 which made it possible to elevate privileges for any authenticated user to vi
CVE-2022-35249 (MEDIUM, EPSS 0.6%): An information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages
CVE-2023-28359 (MEDIUM, EPSS 0.6%): A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthen
CVE-2022-35246 (MEDIUM, EPSS 0.6%): A NoSQL-Injection information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Mete
CVE-2022-32217 (MEDIUM, EPSS 0.5%): A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to OAuth token being leaked in plaintext in Rocket.Chat logs.
