OpenCVE

A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). To exploit the vulnerability, the internal video chat window must be disabled or a Mac App Store build must be used (internalVideoChatWindow.ts#L14). The vulnerability may be exploited by an XSS attack because the function openInternalVideoChatWindow is exposed in the Rocket.Chat-Desktop-API.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rocket.chat	Rocket.chat

Configuration 1 [-]

cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://hackerone.com/reports/1781102

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2022-12-23T00:00:00

Updated: 2024-08-03T13:54:03.852Z

Reserved: 2022-11-01T00:00:00

Link: CVE-2022-44567

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-23T15:15:15.920

Modified: 2024-11-21T07:28:08.680

Link: CVE-2022-44567

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*", "matchCriteriaId": "19CAED1A-A80E-4623-B0AC-EA59F74B9DDD", "versionEndExcluding": "3.8.14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). To exploit the vulnerability, the internal video chat window must be disabled or a Mac App Store build must be used (internalVideoChatWindow.ts#L14). The vulnerability may be exploited by an XSS attack because the function openInternalVideoChatWindow is exposed in the Rocket.Chat-Desktop-API."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en Rocket.Chat-Desktop <3.8.14 que podr\u00eda permitir a un atacante pasar una URL maliciosa de openInternalVideoChatWindow a shell.openExternal(), lo que puede provocar la ejecuci\u00f3n remota de c\u00f3digo (internalVideoChatWindow.ts#L17). Para aprovechar la vulnerabilidad, se debe desactivar la ventana interna de chat de v\u00eddeo o se debe utilizar una versi\u00f3n de Mac App Store (internalVideoChatWindow.ts#L14). La vulnerabilidad puede ser explotada por un ataque XSS porque la funci\u00f3n openInternalVideoChatWindow est\u00e1 expuesta en Rocket.Chat-Desktop-API."}], "id": "CVE-2022-44567", "lastModified": "2024-11-21T07:28:08.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-23T15:15:15.920", "references": [{"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/1781102"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/1781102"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "support@hackerone.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}