CVE-2023-28316

A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled...

CVE-2020-8292

Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting XSS vulnerability via the drag & drop functionality in message boxes...

CVE-2022-32217

A cleartext storage of sensitive information exists in Rocket.Chat v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs...

CVE-2020-29594

Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login...

Rocket.Chat: Unread Messages can leak Message IDs

The Meteor Method "unreadMessages" could leak existing Message IDs to unauthorized clients when called with a regular expression. The vulnerability was present in Rocket.Chat versions 3.9.3 and develop...