CVE-2021-22886 - OpenCVE

Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rocket.chat	Rocket.chat

Configuration 1 [-]

OR	cpe:2.3:a:rocket.chat:rocket.chat::::::::
	cpe:2.3:a:rocket.chat:rocket.chat::::::::
	cpe:2.3:a:rocket.chat:rocket.chat::::::::
	cpe:2.3:a:rocket.chat:rocket.chat:3.11.0:rc0::::::
	cpe:2.3:a:rocket.chat:rocket.chat:3.11.0:rc1::::::
	cpe:2.3:a:rocket.chat:rocket.chat:3.11.0:rc2::::::
	cpe:2.3:a:rocket.chat:rocket.chat:3.11.0:rc3::::::
	cpe:2.3:a:rocket.chat:rocket.chat:3.11.0:rc4::::::
	cpe:2.3:a:rocket.chat:rocket.chat:3.11.0:rc5::::::
	cpe:2.3:a:rocket.chat:rocket.chat:3.11.0:rc6::::::
	cpe:2.3:a:rocket.chat:rocket.chat:3.11.0:rc7::::::

No data.

References

Link	Providers
https://docs.rocket.chat/guides/security/security-updates
https://github.com/RocketChat/Rocket.Chat/pull/20430
https://hackerone.com/reports/1014459

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2021-03-26T18:15:54

Updated: 2024-08-03T18:58:24.679Z

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-22886

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-03-26T19:15:11.913

Modified: 2021-03-30T20:26:41.133

Link: CVE-2021-22886

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Rocket.Chat ", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed in 3.11, 3.10.5, 3.9.7, 3.8.8"}]}], "descriptions": [{"lang": "en", "value": "Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Cross-site Scripting (XSS) - Stored (CWE-79)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-26T18:15:54", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://docs.rocket.chat/guides/security/security-updates"}, {"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1014459"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/RocketChat/Rocket.Chat/pull/20430"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2021-22886", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Rocket.Chat ", "version": {"version_data": [{"version_value": "Fixed in 3.11, 3.10.5, 3.9.7, 3.8.8"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-site Scripting (XSS) - Stored (CWE-79)"}]}]}, "references": {"reference_data": [{"name": "https://docs.rocket.chat/guides/security/security-updates", "refsource": "MISC", "url": "https://docs.rocket.chat/guides/security/security-updates"}, {"name": "https://hackerone.com/reports/1014459", "refsource": "MISC", "url": "https://hackerone.com/reports/1014459"}, {"name": "https://github.com/RocketChat/Rocket.Chat/pull/20430", "refsource": "MISC", "url": "https://github.com/RocketChat/Rocket.Chat/pull/20430"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:58:24.679Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.rocket.chat/guides/security/security-updates"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/1014459"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/RocketChat/Rocket.Chat/pull/20430"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2021-22886", "datePublished": "2021-03-26T18:15:54", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:58:24.679Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*", "matchCriteriaId": "86A30DEE-F0BD-42BD-8BE7-EAFC4EB83A94", "versionEndExcluding": "3.8.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5B4CA06-527F-4600-A11A-ABFA54D754C8", "versionEndExcluding": "3.9.7", "versionStartIncluding": "3.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9EFC543-2F10-4521-9814-ABBD237364EB", "versionEndExcluding": "3.10.5", "versionStartIncluding": "3.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocket.chat:rocket.chat:3.11.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "894B212B-12E9-49D0-9DCC-A8DA2BE98FCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocket.chat:rocket.chat:3.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B996994C-FEC5-4524-94F4-E8F7CD666BC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocket.chat:rocket.chat:3.11.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "506868F8-3FEE-478E-BAA2-889C53A79977", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocket.chat:rocket.chat:3.11.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "49553F24-2CC0-48E6-BA55-4CE0283C1E6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocket.chat:rocket.chat:3.11.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "C4B247DC-ECB0-4859-8F6D-6CAA2C01B57E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocket.chat:rocket.chat:3.11.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "B3962CCC-17F4-4F4B-AE82-A53DB5ED19A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocket.chat:rocket.chat:3.11.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "AA4771F7-A143-44C9-8FED-B9111C22D058", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocket.chat:rocket.chat:3.11.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "6CA36B0C-3A4D-44EA-BAB8-A9B2D7F672D2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app."}, {"lang": "es", "value": "Rocket.Chat versiones anteriores a 3.11, 3.10.5, 3.9.7, 3.8.8, es vulnerable a ataques de tipo cross-site scripting (XSS) persistente que usan etiquetas markdown anidadas que permiten a un atacante remoto inyectar JavaScript arbitrario en un mensaje. Este fallo conlleva a una lectura de archivos arbitraria y una RCE en la aplicaci\u00f3n de escritorio Rocket.Chat."}], "id": "CVE-2021-22886", "lastModified": "2021-03-30T20:26:41.133", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-26T19:15:11.913", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://docs.rocket.chat/guides/security/security-updates"}, {"source": "support@hackerone.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/RocketChat/Rocket.Chat/pull/20430"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/1014459"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "support@hackerone.com", "type": "Secondary"}]}