A short story from an admin perspective
-
Today I was informed on one of my daily news websites about a security problem in rocket.chat.
https://www.heise.de/news/Rocket-Chat-Luecke-erlaubte-Remote-Code-Execution-durch-praeparierte-Nachrichten-4873678.html (in German)
https://blog.redteam.pl/2020/08/rocket-chat-xss-rce-cve-2020-15926.html (in English)
Since rocket.chat is part of the critical communication infrastructure in my company, I had a brief moment of "Oh, wait. This is important and I must react now".
I opened the dashboard of Cloudron and took a quick look at the version number of the rocket.chat app and ...
Many thanks to the Cloudron team. I'm safe because of the "built-in" admin