Enhancement: vulnerabilities/rocketchat/unauth-message-read.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-06-03 10:35:46 -04:00
parent fa3a5e3c36
commit d36101cad4
1 changed files with 10 additions and 3 deletions


@ -1,12 +1,17 @@
id: rocketchat-unauth-access
info:
name: RocketChat Unauthenticated Read Access
name: RocketChat - Unauthenticated Read Access
author: rojanrijal
severity: critical
description: An issue with the Live Chat accepting invalid parameters could potentially allow unauthenticated access to messages and user tokens.
severity: medium
description: RocketChat Live Chat accepts invalid parameters that could potentially allow unauthenticated access to messages and user tokens.
reference:
- https://docs.rocket.chat/guides/security/security-updates
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
cvss-score: 5.8
cve-id:
cwe-id: CWE-522
tags: rocketchat,unauth
requests:
@ -39,3 +44,5 @@ requests:
- '"success":true'
part: body
condition: and
# Enhanced by mp on 2022/06/03
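Review bot: The new `severity: medium` and the `C:L` in `cvss-metrics` look too low for what the description in the same info block states, namely unauthenticated access to messages and user tokens. Exposed user tokens usually justify a high confidentiality impact, and teams that filter scan results by severity may stop seeing this finding after the downgrade from critical. Unless the matchers (mostly outside the hunks shown) only prove a low-value read, consider `cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N` with `severity: high` and `cvss-score` recomputed to match. `cwe-id: CWE-522` covers insufficiently protected credentials, while the description reads more like missing authentication or unvalidated parameters, so CWE-306 or CWE-20 may fit better. The reference is a general security-updates page; a link to the specific advisory would let a reader confirm the affected versions.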