Rocket.Chat vulnerabilities rated High

DATE        CVE             RISK  TITLE

2024-09-25  CVE-2024-46935  7.5   Unspecified vulnerability in Rocket.Chat
    Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8 and earlier are vulnerable to denial of service (DoS).
    Attack vector: network. Attack complexity: low. Product: rocket-chat. CWE: none listed.

2024-08-05  CVE-2024-39713  8.6   Server-Side Request Forgery (SSRF) vulnerability in Rocket.Chat
    A Server-Side Request Forgery (SSRF) vulnerability affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.
    Attack vector: network. Attack complexity: low. Product: rocket-chat. CWE: CWE-918.

2023-05-11  CVE-2023-28356  7.5   Resource Exhaustion vulnerability in Rocket.Chat
    A maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU and rendering the service unresponsive.
    Attack vector: network. Attack complexity: low. Product: rocket-chat. CWE: CWE-400.

2023-03-10  CVE-2023-23911  7.5   Inadequate Encryption Strength vulnerability in Rocket.Chat
    An improper access control vulnerability exists in Rocket.Chat prior to v6 that could allow an attacker to break the E2E encryption of a chat room by changing the group key of the chat room.
    Attack vector: network. Attack complexity: low. Product: rocket-chat. CWE: CWE-326.

2023-02-23  CVE-2023-23917  8.8   Unspecified vulnerability in Rocket.Chat
    A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to achieve remote code execution (RCE) under the admin account.
    Attack vector: network. Attack complexity: low. Product: rocket-chat. CWE: none listed.

2022-09-23  CVE-2022-32211  8.8   SQL Injection vulnerability in Rocket.Chat
    A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 that can allow an attacker to retrieve a password reset token or a 2FA secret.
    Attack vector: network. Attack complexity: low. Product: rocket-chat. CWE: CWE-89.

2022-09-23  CVE-2022-35248  8.8   Improper Authentication vulnerability in Rocket.Chat
    An improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allows two-factor authentication to be bypassed by telling the server to use CAS during login.
    Attack vector: network. Attack complexity: low. Product: rocket-chat. CWE: CWE-287.

2021-07-05  CVE-2020-26763  7.5   Unspecified vulnerability in Rocket.Chat 2.17.11
    The Rocket.Chat desktop application 2.17.11 opens external links without user interaction.
    Attack vector: network. Attack complexity: low. Product: rocket-chat. CWE: none listed.

2021-05-27  CVE-2021-22892  7.5   Information Exposure Through Discrepancy vulnerability in Rocket.Chat
    An information disclosure vulnerability exists in the Rocket.Chat server, fixed in v3.13, v3.12.2 and v3.11.3, that allowed email addresses to be disclosed through enumeration and validation checks.
    Attack vector: network. Attack complexity: low. Product: rocket-chat. CWE: CWE-203.