A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be u…

CVSS: 4.3 · CWE: CWE-400

View on NVD

Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

CVSS: 4.3 · CWE: CWE-522

View on NVD

A blind self XSS vulnerability exists in RocketChat LiveChat

CVSS: 6.1 · CWE: CWE-79

View on NVD

A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

CVSS: 4.3 · CWE: CWE-862

View on NVD

A cross-site request forgery (CSRF) vulnerability in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential.

CVSS: 4.3 · CWE: CWE-352

View on NVD

A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. When one creates an account, the next step will ask for a username. This field will not save HTML control characters but an error will be displayed that shows the attempted username unescaped via packages/rocketchat-ui-login/client/username/username.js in packages/rocketchat-ui-login/client/username/username…

CVSS: 5.4 · CWE: CWE-79

View on NVD

An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) in a channel or private chat. Consequently, it is possible to exfiltrate the secret token of every user and also admins in the channel.

CVSS: 6.1 · CWE: CWE-79

View on NVD