CVE-2023-23917

Name of the Vulnerable Software and Affected Versions Rocket.Chat server versions prior to 5.2.0

Description A prototype pollution issue exists that could allow an attacker to achieve remote code execution (RCE) under the admin account. This vulnerability may affect cloud infrastructure, as any user can create their own server and become an admin. Additionally, it may increase the impact of cross-site scripting (XSS) to RCE, posing a risk to self-hosted users.

Recommendations For versions prior to 5.2.0, update to version 5.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to admin accounts and monitoring for suspicious activity.