exploitDog

CVE-2023-28316

Published: May 9, 2023
Source: nvd
CVSS3: 9.8
EPSS: Low

Description

A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled.

References

Vulnerable configurations

Configuration 1
cpe:2.3:a:rocket.chat:rocket.chat:-:*:*:*:*:*:*:*

EPSS

Percentile: 53%
0.00305
Low

9.8 Critical

CVSS3

Weaknesses

CWE-384

Related vulnerabilities

CVSS3: 9.8
github
more than 2 years ago

A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled.
