CVE-2022-32211

Summary

A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret.

Affected Software

VendorProductVersion RangeStatus
n/aRocket.ChatFixed in 3.18.6, 4.4.4 and 4.7.3>affected

Weaknesses

  • CWE-89: SQL Injection (CWE-89)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References