CVE-2020-29594
CRITICALRocket.Chat <0.74.4, 1.x<1.3.4, 2.x<2.4.13, 3.x<3.7.3, 3.8.x<3.8.3,...
Title source: llmDescription
Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://github.com/RocketChat/Rocket.Chat/releases/tag/3.9.1
Patch, Third Party Advisory x_refsource_misc
https://github.com/RocketChat/Rocket.Chat/compare/3.8.2...3.8.3
Scores
CVSS v3
9.8
EPSS
0.0161
EPSS Percentile
73.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
rocket.chat/rocket.chat
< 0.74.4
Published
Dec 30, 2020
Tracked Since
Feb 18, 2026