PT-2022-21153 · Unknown · Rocket.Chat
Ghaem51 · Published 2022-09-23 · Updated 2022-09-28 · CVE-2022-32211
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Rocket.Chat versions prior to 3.18.6
Rocket.Chat versions prior to 4.4.4
Rocket.Chat versions prior to 4.7.3
Description
A SQL injection issue exists that allows an attacker to retrieve a password reset token or a 2FA secret.
Recommendations
For versions prior to 3.18.6, update to version 3.18.6 or later.
For versions prior to 4.4.4, update to version 4.4.4 or later.
For versions prior to 4.7.3, update to version 4.7.3 or later.
Exploit
Fix
SQL injection
Affected Products
Rocket.Chat