Chat is a set of open source team chat software. Rocket.Chat versions prior to 5.0 have an authorization issue vulnerability that originates from the getUserMentionsByChannel meteor server method that leaks information and can be exploited by attackers to obtain sensitive information.