HomeRocket.ChatCVE-2020-29594

CVE-2020-29594

CRITICAL
9.8CVSS
Published: 2020-12-30
Updated: 2024-11-21
AI Analysis

Description

Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login.

CVSS Metrics

Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
network
Complexity
low
Privileges
none
User Action
none
Scope
unchanged
Confidentiality
high
Integrity
high
Availability
high
Weaknesses
NVD-CWE-noinfo

Metadata

Primary Vendor
ROCKET.CHAT
Published
12/30/2020
Last Modified
11/21/2024
Source
NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

rocket.chat : rocket.chatrocket.chat : rocket.chatrocket.chat : rocket.chatrocket.chat : rocket.chatrocket.chat : rocket.chatrocket.chat : rocket.chat

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD
CVE-CVE-2020-29594 | CRITICAL Severity | CVEDatabase.com | CVEDatabase.com