CVE-2022-35251

A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Hence the payloads are stored in messages, it is a persistent attack vector, which will trigger as soon as the message gets viewed.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://hackerone.com/reports/1401268	Exploit Issue Tracking Third Party Advisory
https://hackerone.com/reports/1401268	Exploit Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:10

Type	Values Removed	Values Added
References	~~() https://hackerone.com/reports/1401268 - Exploit, Issue Tracking, Third Party Advisory~~	() https://hackerone.com/reports/1401268 - Exploit, Issue Tracking, Third Party Advisory

Information

Published : 2022-09-23 19:15

Updated : 2024-11-21 07:10

NVD link : CVE-2022-35251

Mitre link : CVE-2022-35251

CVE.ORG link : CVE-2022-35251

JSON object : View

Products Affected

rocket.chat

rocket.chat

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2022-35251", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2022-09-23T19:15:14.150", "references": [{"url": "https://hackerone.com/reports/1401268", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://hackerone.com/reports/1401268", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Hence the payloads are stored in messages, it is a persistent attack vector, which will trigger as soon as the message gets viewed."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-site scripting en Rocket.chat versiones anteriores a v5 debido a una inyecci\u00f3n de estilo en la ventana de chat completa, un adversario es capaz de manipular no s\u00f3lo el estilo de la misma, sino que tambi\u00e9n ser\u00e1 capaz de bloquear la funcionalidad as\u00ed como secuestrar el contenido de los usuarios objetivo. Por lo tanto, las cargas \u00fatiles son almacenadas en los mensajes, es un vector de ataque persistente, que ser\u00e1 desencadenado tan pronto como el mensaje sea visualizado.\n"}], "lastModified": "2024-11-21T07:10:58.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFB310B9-2905-42DC-9D4A-F5233748BEC0", "versionEndExcluding": "5.0"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}