Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-88182
HistorySep 28, 2022 - 12:00 a.m.

Rocket.Chat getReadReceipts Meteor information disclosure vulnerability

2022-09-2800:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
rocket.chat
open source
team chat
vulnerability
versions
mongodb
query
enumerate

0.001 Low

EPSS

Percentile

24.8%

Chat, an open source team chat software, is vulnerable in versions prior to 4.7.5, 4.8.0 and later, and prior to 4.8.2. The vulnerability stems from a failure of the getReadReceipts Meteor server method to properly filter user input passed to a MongoDB query. An attacker could exploit the vulnerability to allow $regex queries to enumerate arbitrary message IDs.

0.001 Low

EPSS

Percentile

24.8%

Related for CNVD-2022-88182