Default status: affected
8.3.0 (semver) before 8.3.0: unaffected
8.2.1 (semver) before 8.2.1: unaffected
8.0.3 (semver) before 8.0.3: unaffected
7.13.5 (semver) before 7.13.5: unaffected
7.12.6 (semver) before 7.12.6: unaffected
7.11.6 (semver) before 7.11.6: unaffected
7.10.9 (semver) before 7.10.9: unaffected
Description
In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured.
Product status
8.3.0 (semver) before 8.3.0
8.2.1 (semver) before 8.2.1
8.0.3 (semver) before 8.0.3
7.13.5 (semver) before 7.13.5
7.12.6 (semver) before 7.12.6
7.11.6 (semver) before 7.11.6
7.10.9 (semver) before 7.10.9
References
github.com/RocketChat/Rocket.Chat/pull/39492