Vulnerabilities > CVE-2021-22892 - Information Exposure Through Discrepancy vulnerability in Rocket.Chat

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
rocket-chat
CWE-203
NVD
Published: 2021-05-27
Updated: 2022-08-30

Summary

An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks.

Vulnerable Configurations

Part Description Count
Application
Rocket.Chat
501

Common Weakness Enumeration (CWE)

References