CVE-2020-29594

CRITICAL

Rocket.Chat <0.74.4, 1.x<1.3.4, 2.x<2.4.13, 3.x<3.7.3, 3.8.x<3.8.3,...

Title source: llm
STIX 2.1

Description

Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://github.com/RocketChat/Rocket.Chat/releases/tag/3.9.1
Patch, Third Party Advisory x_refsource_misc
https://github.com/RocketChat/Rocket.Chat/compare/3.8.2...3.8.3

Scores

CVSS v3 9.8
EPSS 0.0161
EPSS Percentile 73.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
rocket.chat/rocket.chat < 0.74.4
Published Dec 30, 2020
Tracked Since Feb 18, 2026