CVE-2021-22892
27.05.2021, 12:15
An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks.Enginsight
| Vendor | Product | Version |
|---|---|---|
| rocket.chat | rocket.chat | 𝑥 < 3.11.3 |
| rocket.chat | rocket.chat | 3.12.0 ≤ 𝑥 < 3.12.2 |
| rocket.chat | rocket.chat | 3.12.3 |
| rocket.chat | rocket.chat | 3.12.4 |
| rocket.chat | rocket.chat | 3.12.5 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-203 - Observable DiscrepancyThe product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.