exploitDog

CVE-2017-1000493

Опубликовано: 03 янв. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover

Ссылки

http://blog.sbarbeau.fr/2018/03/nosql-injection-leading-to.html
Exploit
Third Party Advisory
https://github.com/RocketChat/Rocket.Chat/pull/8408
Patch
Third Party Advisory
http://blog.sbarbeau.fr/2018/03/nosql-injection-leading-to.html
Exploit
Third Party Advisory
https://github.com/RocketChat/Rocket.Chat/pull/8408
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*

Версия до 0.59 (включая)

EPSS

Процентиль: 53%

0.00296

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-jhj8-83wr-xg4p

CVSS3: 9.8

github

больше 3 лет назад

Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover

EPSS

Процентиль: 53%

0.00296

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74