CVE-2022-32211 Questions

Does CVE-2022-32211 affect version 4.7.0 of Rocket.Chat?

Also, how can one ascertain whether one’s Rocket.Chat server has been compromised?

Additional questions:

What, if anything, can be done to mitigate the risk of this vulnerability short of updating Rocket.Chat?

I am presently unable to update Rocket.Chat owing to the problem I described here:

Would it be advisable to simply shut down my server?


You can always prevent external access. As you are running on a VPS, let’s try upgrading it :superhero:

I have missed your last message, and have just answered it to something that may help.

Please, consider joining our Community Support Channel so others can also jump in and help you out. (Don’t forget to post the link to the forums so we can keep things in sync :slight_smile: )


I registered a new account on using the same user name as here. However, even after email address verification, when I attempt to log in, I receive “User not found or incorrect password” notice. :frowning: