CVE-2022-32211 Information

Description

A SQL injection vulnerability exists in Rocket.Chat <v3.18.6 <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret.

Reference

https://hackerone.com/reports/1581059