← Back

CVE-2020-28208

nvd nistnuclei
Published: Jan 8, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1.

Affected (1)

Rocket.chat
1 product
Rocket.chat
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Rocket.chat
Up to 3.9.1

Related CWEs

CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (16)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Broken LinkMailing ListThird Party Advisory
Source: cve@mitre.org
Broken LinkMailing ListThird Party Advisory
Source: cve@mitre.org
ExploitMailing ListThird Party Advisory
Source: cve@mitre.org
ExploitMailing ListThird Party Advisory
Source: cve@mitre.org
ExploitMailing ListThird Party Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.