Vulnerabilities > Rocket Chat > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-09 | CVE-2023-28316 | Session Fixation vulnerability in Rocket.Chat A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. | 9.8 |
| 2022-12-23 | CVE-2022-44567 | OS Command Injection vulnerability in Rocket.Chat A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). | 9.8 |
| 2021-08-09 | CVE-2021-22910 | Unspecified vulnerability in Rocket.Chat A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE. | 9.8 |
| 2021-05-27 | CVE-2021-22911 | Unspecified vulnerability in Rocket.Chat 3.11.0/3.12.0/3.13.0 A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE. | 9.8 |
| 2020-12-30 | CVE-2020-29594 | Unspecified vulnerability in Rocket.Chat Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login. | 9.8 |
| 2018-01-03 | CVE-2017-1000493 | Injection vulnerability in Rocket.Chat Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover | 9.8 |