Rocket.chat@* Security Vulnerabilities and Issues — Rocket.chat@* CVE List

Lucene search

RocketchatRocket.chat*

3 matches found

CVE•added 2024/10/07 1:15 p.m.•43 views

CVE-2024-42027

The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources.

6.7CVSS7.1AI score0.00076EPSS

CVE•added 2024/09/25 1:15 a.m.•35 views

CVE-2024-46936

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose.

7.5CVSS7AI score0.00137EPSS

CVE•added 2021/08/30 9:15 p.m.•33 views

CVE-2021-32832

Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13.

6.5CVSS5.3AI score0.00754EPSS