CVE-2024-46934

Published Sep 25, 2024

Last updated 2 months ago

CVSS medium 6.1

Overview

Description: Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9B9DDD7-5E79-488F-BD2F-9B7EEBF7EC46",
            "versionEndExcluding": "6.7.9"
          },
          {
            "criteria": "cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "842262D3-74EF-490E-B0DC-4DC0A0B185AA",
            "versionEndExcluding": "6.8.7",
            "versionStartIncluding": "6.8.0"
          },
          {
            "criteria": "cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "702723D8-57FB-402E-A6B7-39907F865998",
            "versionEndExcluding": "6.9.7",
            "versionStartIncluding": "6.9.0"
          },
          {
            "criteria": "cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C84DFE29-F5DE-411B-82B7-24DDBCD82CFF",
            "versionEndExcluding": "6.10.6",
            "versionStartIncluding": "6.10.0"
          },
          {
            "criteria": "cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5668FE7A-694F-4E18-960C-D2BFEC6890DF",
            "versionEndExcluding": "6.11.3",
            "versionStartIncluding": "6.11.0"
          },
          {
            "criteria": "cpe:2.3:a:rocket.chat:rocket.chat:6.12.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E57EDBB1-FF16-4A24-AED2-90D61FB47CE4"
          },
          {
            "criteria": "cpe:2.3:a:rocket.chat:rocket.chat:6.12.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48C71A14-5A84-4CBD-BA42-07DE1EB5A320"
          },
          {
            "criteria": "cpe:2.3:a:rocket.chat:rocket.chat:6.12.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "403EB714-366A-4783-8547-00E4A3F4BF40"
          },
          {
            "criteria": "cpe:2.3:a:rocket.chat:rocket.chat:6.12.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "526F1CDD-BCD2-457E-A165-13ABE499F1EC"
          },
          {
            "criteria": "cpe:2.3:a:rocket.chat:rocket.chat:6.12.0:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DA3467D-B02C-4FA0-BE26-071FB1560183"
          },
          {
            "criteria": "cpe:2.3:a:rocket.chat:rocket.chat:6.12.0:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EAE65E7F-2D5B-4B26-A089-F0E4B5C72E24"
          },
          {
            "criteria": "cpe:2.3:a:rocket.chat:rocket.chat:6.12.0:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E74704CE-0BCF-440D-9087-5B5D66DD0B01"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References