CVE-2024-39713
HIGH · EXPLOITED · NUCLEI
Rocket.chat < 6.10.1 - SSRF
Title source: ruleDescription
A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.
Exploits (2)
nomisec
WORKING POC
5 stars
by typical-pashochek · infoleak
https://github.com/typical-pashochek/CVE-2024-39713
Nuclei Templates (1)
Rocket.Chat - Server-Side Request Forgery (SSRF)
HIGH · by iamnoooob, rootxharsh, pdresearch
Shodan:
http.title:"rocket.chat"
FOFA:
title="rocket.chat"
Scores
CVSS v3
8.6
EPSS
0.8953
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Details
VulnCheck KEV
2024-11-07
CWE
CWE-918
Status
published
Products (2)
npm/rocket.chat
0 - 6.10.1 · npm
rocket.chat/rocket.chat
< 6.10.1
Published
Aug 05, 2024
Tracked Since
Feb 18, 2026