Lucene search

Rocketchat Rocket.chat

5 matches found

added 2024/10/07 1:15 p.m. | 43 views

CVE-2024-42027

The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources.

6.7 CVSS | 7.1 AI score | 0.00076 EPSS

added 2017/07/17 1:18 p.m. | 37 views

CVE-2017-1000054

Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.

6.1 CVSS | 6 AI score | 0.0021 EPSS

added 2024/09/25 1:15 a.m. | 35 views

CVE-2024-46936

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose.

7.5 CVSS | 7 AI score | 0.00137 EPSS

added 2025/06/09 8:15 p.m. | 35 views

CVE-2025-5892

A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression complex...

7.5 CVSS | 7.2 AI score | 0.00066 EPSS

added 2021/08/30 9:15 p.m. | 33 views

CVE-2021-32832

Rocket.Chat is an open-source, fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13, an issue with certain regular expressions could potentially lead to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.

6.5 CVSS | 5.3 AI score | 0.00754 EPSS