CVE-2023-28359
CVSS V2 None
CVSS V3 None
Description
A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact.
Overview
- CVE ID
- CVE-2023-28359
- Assigner
- support@hackerone.com
- Vulnerability Status
- Received
- Published Version
- 2023-05-11T22:15:10
- Last Modified Date
- 2023-05-11T22:15:10
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://hackerone.com/reports/1757676 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-28359 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28359 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-05-11 23:00:28 | Added to TrackCVE | |||
| 2023-05-11 23:00:30 | Weakness Enumeration | new |