Security Vulnerability in 0.57.3, 0.58.3 and below


All users are advised to upgrade Rocket.Chat Server to 0.57.4, 0.58.4, 0.59.0 or greater.

Rocket.Chat Server versions 0.57.3, 0.58.3 and earlier are vulnerable to a NoSQL injection that can lead to an administrator account takeover.
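The fixed releases are per release line, so a single "at least 0.57.4" comparison would wrongly pass 0.58.0 through 0.58.3. The following triage check is an added example, not Rocket.Chat's own code; the host names and inventory are constructed, and treating a pre-release of a fixed version as still needing an upgrade is an assumption the advisory does not address.

```python
import re

# Fixed patch level for each release line named in the advisory.
FIXED_PATCH = {(0, 57): 4, (0, 58): 4}
# 0.59.0 and every later release line carry the fix.
FIRST_FIXED_LINE = (0, 59)


def parse_version(text):
    """Split 'X.Y.Z' or 'X.Y.Z-tag' into (major, minor, patch, is_prerelease)."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.\-]+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(part) for part in m.group(1, 2, 3))
    return major, minor, patch, m.group(4) is not None


def is_vulnerable(version):
    """True if the version is older than the fixed release of its line."""
    major, minor, patch, prerelease = parse_version(version)
    line = (major, minor)
    if line >= FIRST_FIXED_LINE:
        # Assumption: a pre-release of 0.59.0 itself is not trusted as fixed.
        return line == FIRST_FIXED_LINE and patch == 0 and prerelease
    if line in FIXED_PATCH:
        fixed = FIXED_PATCH[line]
        return patch < fixed or (patch == fixed and prerelease)
    # Lines older than 0.57 have no fixed release; they must move lines.
    return True


# Constructed sample inventory (host name -> reported server version).
INVENTORY = {
    "chat-a": "0.57.3", "chat-b": "0.57.4", "chat-c": "0.58.0",
    "chat-d": "0.58.4", "chat-e": "0.59.0-rc.1", "chat-f": "0.56.0",
    "chat-g": "1.0.0",
}


def hosts_to_upgrade(inventory):
    """Return the sorted host names still running a vulnerable version."""
    return sorted(h for h, v in inventory.items() if is_vulnerable(v))


if __name__ == "__main__":
    for host in hosts_to_upgrade(INVENTORY):
        print(f"{host}: {INVENTORY[host]} needs an upgrade")
```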

Thank you to Steeve Barbeau for identifying and reporting the vulnerability. The details of the vulnerability will be shared in a future update.

If you have any questions or concerns, or require advice, please contact security@rocket.chat or chat with us at https://open.rocket.chat/channel/support.

Nick van den Berg

Gabriel Engel