) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:rocket.chat:rocket.chat:3.12.5:*:*:*:*:*:*:*
- CPE Name Search: true
There are 24 matching records.
Displaying matches 21 through 24.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-32217 |
A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs. Published: September 23, 2022; 3:15:11 PM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
| CVE-2022-32211 |
A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret. Published: September 23, 2022; 3:15:11 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2022-30124 |
An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code). Published: September 23, 2022; 3:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.8 MEDIUM V2.0:(not available) |
| CVE-2021-22892 |
An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks. Published: May 27, 2021; 8:15:07 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |