cvedb.io
CVE-2023-23917
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2023-02-23T20:15:13.847 · Last modified 2026-06-17T05:38:16.493

Summary

A prototype pollution vulnerability exists in Rocket.Chat server versions before 5.2.0 that could allow an attacker to achieve remote code execution (RCE) under the admin account. Any user can create their own server in the Rocket.Chat cloud and become its admin, so this vulnerability could affect the cloud infrastructure. The same attack vector may also escalate an XSS to RCE, which is dangerous for self-hosted deployments as well.
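The summary names the bug class but not the mechanism. The block below is an added illustration of how a prototype-pollution sink works and how to close it: a recursive merge that walks attacker-supplied keys writes into Object.prototype, and every object created afterwards inherits the injected property. It is constructed for this page; it is not Rocket.Chat's code and not the code path behind CVE-2023-23917. The merge helper, the isAdmin gadget, the payload and the boundary check are all assumptions for the demonstration.

```javascript
// Added illustration for this page: a generic prototype-pollution sink and a
// hardened replacement. This is NOT Rocket.Chat's code and NOT the code path
// behind CVE-2023-23917; the merge helper, the "isAdmin" gadget and the
// payload below are constructed assumptions for the demonstration.

'use strict';

const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Vulnerable pattern: a recursive merge that walks every attacker-supplied key.
// JSON.parse turns "__proto__" into an own property, Object.keys() reports it,
// and target["__proto__"] resolves to Object.prototype, so the recursion
// writes straight into the shared prototype.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      if (!target[key] || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: refuse the three keys that reach the prototype chain and only
// recurse into properties the target actually owns.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          typeof target[key] !== 'object' || target[key] === null) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Boundary check: reject a parsed JSON document that carries a prototype-chain
// key at any depth, so it never reaches a merge in the first place.
function containsPrototypeKey(value) {
  if (!value || typeof value !== 'object') return false;
  for (const key of Object.keys(value)) {
    if (BLOCKED_KEYS.has(key)) return true;
    if (containsPrototypeKey(value[key])) return true;
  }
  return false;
}

// Constructed attacker payload, as it might arrive in a JSON request body.
const PAYLOAD = JSON.parse('{"name":"x","__proto__":{"isAdmin":true}}');

// Runs the vulnerable merge and reports whether an unrelated object created
// afterwards now "inherits" isAdmin. The pollution is undone before returning
// so the rest of the process is not affected.
function runUnsafe() {
  unsafeMerge({}, PAYLOAD);
  const unrelated = {};
  const leaked = unrelated.isAdmin === true;
  delete Object.prototype.isAdmin;
  return leaked;
}

// Same payload through the hardened merge: the ordinary key is copied, the
// prototype key is dropped, and no unrelated object gains isAdmin.
function runSafe() {
  const merged = safeMerge({}, PAYLOAD);
  const unrelated = {};
  return { name: merged.name, leaked: unrelated.isAdmin === true };
}

console.log('unsafe merge polluted Object.prototype:', runUnsafe());
console.log('safe merge result:', runSafe());
console.log('payload rejected at boundary:', containsPrototypeKey(PAYLOAD));
```

The point of the gadget is the second half of the summary: once a property such as isAdmin is reachable on every object, any later privilege check, template option or child-process option that reads a missing key through the prototype chain becomes attacker-controlled, which is how pollution is chained to RCE or used to widen an XSS. Filtering the three keys at the merge and at the request boundary is the minimal fix; freezing Object.prototype at startup is a stronger process-wide backstop where the application tolerates it.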

Affected products

rocket.chat (vendor) — rocket.chat (product), server versions before 5.2.0 per the summary above

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.