Rocket.Chat - HackerOne Reports
Total Reports: 82
Critical: 16
High: 22
Medium: 32
Low: 9

Online Status of arbitrary users can be changed
Reported by: gronke | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic

Upload of Avatars for other Users
Reported by: gronke | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic

Guest Privilege Escalation to admin group
Reported by: gronke | Disclosed:
Severity: Critical
Weakness: Improper Access Control - Generic

NoSQL-Injection discloses S3 File Upload URLs
Reported by: gronke | Disclosed:
Severity: Medium
Weakness: Information Disclosure

account takeover on 3.0.1 version
Reported by: elfiman | Disclosed:
Severity: Critical
Weakness: Insecure Direct Object Reference (IDOR)

Insecure use of shell.openExternal() in Rocket.Chat Desktop App leading to RCE
Reported by: baltpeter | Disclosed:
Severity: Critical
Weakness: OS Command Injection

Open redirect open.rocket.chat/file-upload/ID/filename.svg
Reported by: w2w | Disclosed:
Severity: Medium
Weakness: Open Redirect

It is possible to elevate privileges for any authenticated user to view permissions matrix and view Direct messages without appropriate permissions.
Reported by: garretby | Disclosed:
Severity: Medium
Weakness: Privilege Escalation

Custom crafted message object in Meteor.Call allows remote code execution and impersonation
Reported by: wreiske | Disclosed:
Severity: Critical
Weakness: Code Injection

Rocket.chat user info security issue
Reported by: mikolajczak | Disclosed:
Severity: Medium
Weakness: Cleartext Transmission of Sensitive Information

NoSQL injection in listEmojiCustom method call
Reported by: rijalrojan | Disclosed:
Severity: High
Weakness: SQL Injection

Low authorization level at server side API operation e2e.updateGroupKey, let an attacker break the E2E architecture.
Reported by: f0ns1 | Disclosed:
Severity: High
Weakness: Improper Access Control - Generic

Registration bypass with leaked Invite Token
Reported by: gronke | Disclosed:
Severity: High
Weakness: Improper Authentication - Generic

XSS in various MessageTypes
Reported by: gronke | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored

Impersonation in Sequential Messages
Reported by: gronke | Disclosed:
Severity: Medium

Messages can be hidden regardless of server configuration
Reported by: gronke | Disclosed:
Severity: Medium

Retrospective change of message timestamp and order
Reported by: gronke | Disclosed:
Severity: Medium

Stored XSS in any message (leads to priv esc for all users and file leak + rce via electron app)
Reported by: psych0tr1a | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - DOM

Content-Security Policy bypass with File Uploads
Reported by: gronke | Disclosed:
Severity: High

getUsersOfRoom discloses users in private channels
Reported by: gronke | Disclosed:
Severity: Medium