CVE-2023-23917

Published: Feb 23, 2023

Modified: Mar 12, 2025

PUBLISHED

Description

A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may increase the impact of XSS to RCE which is dangerous for self-hosted users as well.

Vendor	Product	Versions
n/a	Rocket.chat	affected `Fixed Version => 5.2.0`

Weaknesses (CWE)

CWE-77

References

https://hackerone.com/reports/1631258

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-23917

Description

Affected Products

Weaknesses (CWE)

References