📦 Rocket.chat
by Rocket.chat
⚠️ Known Vulnerabilities
A session fixation vulnerability in Rocket.Chat's 2FA implementation allows attackers to maintain access to compromised accounts even after 2FA is enabled. This affects all Rocket.Chat users who enabl...
A NoSQL injection vulnerability in Rocket.Chat server allows attackers to execute arbitrary database queries through a specific endpoint. This can lead to remote code execution (RCE) by manipulating q...
CVE-2021-22911 is an improper input sanitization vulnerability in Rocket.Chat that allows unauthenticated attackers to perform NoSQL injection attacks. This can lead to remote code execution on affect...
This vulnerability in Rocket.Chat allows attackers to bypass SAML authentication and gain unauthorized access to user accounts. It affects Rocket.Chat instances with SAML login enabled across multiple...
This vulnerability allows any authenticated Rocket.Chat user to access OAuth application credentials (client_id and client_secret) by querying the /api/v1/oauth-apps.get endpoint with a known applicat...
This vulnerability in Rocket.Chat allows attackers to cause denial of service by sending specially crafted messages containing specific characters. The message parser crashes when processing these mes...
This Server-Side Request Forgery (SSRF) vulnerability in Rocket.Chat's Twilio webhook endpoint allows attackers to make unauthorized requests to internal systems. It affects Rocket.Chat instances befo...
This vulnerability allows attackers to send specially crafted messages containing specific character chains that cause a chat service process to enter an infinite loop, consuming excessive CPU resourc...
A prototype pollution vulnerability in Rocket.Chat server versions below 5.2.0 allows attackers to achieve remote code execution (RCE) under admin privileges. This affects both cloud infrastructure (w...