CVE-2024-37405

Summary

Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken (pre-authentication) and livechat:loadHistory.

Affected Software

VendorProductVersion RangeStatus
Rocket.ChatRocket.Chat6.10.0 < 6.10.0affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References