SQL Injection Vulnerability in Rocket.Chat Versions <v3.18.6, <v4.4.4, and <v4.7.3: Retrieval of Reset Password Token and 2FA Secret

SQL Injection Vulnerability in Rocket.Chat Versions <v3.18.6, <v4.4.4, and <v4.7.3: Retrieval of Reset Password Token and 2FA Secret

CVE-2022-32211 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.