Rocket_chat


reports in last 90 days

6

disclosed resolved issues

0

disclosed informative issues

0

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| None | Slack Token exposed over internet (Github) | Cleartext Storage of Sensitive Information | sanjogpanda | Issue was not triaged; Time to close: 8 Days and 3 hours | Resolved |
| Critical | Broken access control on apps | Improper Access Control - Generic | theappsec | Time to triage: 7 Days and 6 hours; Time to close: 0 Days and 0 hours | Resolved |
| No rating | Blind XSS in the rocket.chat registration email | Cross-site Scripting (XSS) - Stored | edoverflow | Time to triage: 15 Days and 19 hours; Time to close: 25 Days and 3 hours | Resolved |
| Medium | XSS (stored) Wizard is saving executable code | Cross-site Scripting (XSS) - Stored | 24nitin | Time to triage: 12 Days and 1 hours; Time to close: 23 Days and 0 hours | Resolved |
| High | Remote Code Execution in Rocket.Chat Desktop | Code Injection | mattaustin | Time to triage: 0 Days and 7 hours; Time to close: 218 Days and 23 hours | Resolved |
| Medium | Remote code execution by hijacking an unclaimed S3 bucket in Rocket.Chat's installation script. | Code Injection | edoverflow | Time to triage: 2 Days and 20 hours; Time to close: 0 Days and 0 hours | Resolved |