ByteOS Network

rocketchat

Source -

ADPNVD

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

3Vulnerabilities found

CVE-2024-42027

Assigner-HackerOne

View Details

Assigner-HackerOne

CVSS Score-6.7||MEDIUM

EPSS-0.08% / 25.31%

7 Day CHG~0.00%

Published-07 Oct, 2024 | 12:46

Updated-07 Oct, 2024 | 19:37

The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources.

Vendor-Rocket.Chat rocketchat

Product-Mobile rocket.chat

CWE ID-CWE-1391

Use of Weak Credentials

CVE-2024-46936

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.14% / 34.32%

7 Day CHG~0.00%

Published-24 Sep, 2024 | 00:00

Updated-25 Mar, 2025 | 16:38

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose.

Vendor-n/a rocketchat

Product-n/a rocket.chat

CVE-2017-1000054

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.21% / 43.59%

7 Day CHG~0.00%

Published-13 Jul, 2017 | 20:00

Updated-20 Apr, 2025 | 01:37

Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.

Vendor-rocketchat n/a

Product-rocket.chat n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')