CVE-2022-30124

Summary

An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code).

Affected Software

VendorProductVersion RangeStatus
n/aRocket.Chat Mobile app4.14.1.22788 iOS/Androidaffected

Weaknesses

  • CWE-287: Improper Authentication - Generic (CWE-287)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References