Lucene search
China National Vulnerability DatabaseCNVD-2022-88182HistorySep 28, 2022 - 12:00 a.m.
Rocket.Chat getReadReceipts Meteor information disclosure vulnerability
2022-09-2800:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
rocket.chat
open source
team chat
vulnerability
versions
mongodb
query
enumerate
0.001 Low
EPSS
Percentile
25.0%
Chat, an open source team chat software, is vulnerable in versions prior to 4.7.5, 4.8.0 and later, and prior to 4.8.2. The vulnerability stems from a failure of the getReadReceipts Meteor server method to properly filter user input passed to a MongoDB query. An attacker could exploit the vulnerability to allow $regex queries to enumerate arbitrary message IDs.
| CPE | Name | Operator | Version |
|---|---|---|---|
| rocket.chat rocket.chat >=4.8.0, | lt | 4.8.2 | |
| rocket.chat rocket.chat | lt | 4.7.5 |
Related
nvd
nvd
CVE-2022-32228
2022-09-23 19:15:11
cvelist
cvelist
CVE-2022-32228
2022-09-23 18:28:13
osv
osv
CVE-2022-32228
2022-09-23 19:15:11
hackerone
hackerone
cve
cve
CVE-2022-32228
2022-09-23 19:15:11
prion
prion
Information disclosure
2022-09-23 19:15:00