Rocket.Chat is open source team chat software. Rocket.Chat versions prior to 5.0 contain an information disclosure vulnerability in the getUserMentionsByChannel Meteor server method, which discloses messages from private channels and direct messages regardless of the user's access rights to the room. An attacker could exploit the vulnerability to obtain sensitive information.

CPE | Name | Operator | Version |
---|---|---|---|
rocket.chat | rocket.chat | lt | 5.0 |
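
The class of flaw described above, a server method that authenticates the caller but never authorizes them against the requested room, is shown here as an added example beside a hardened form. It is not Rocket.Chat's code: the in-memory rooms and messages are constructed, and every name except getUserMentionsByChannel is hypothetical.

```javascript
// Constructed in-memory model. Every name except getUserMentionsByChannel
// is hypothetical; this is not Rocket.Chat source code.
const rooms = new Map([
  ['general', { type: 'public', members: ['alice', 'bob', 'mallory'] }],
  ['finance', { type: 'private', members: ['alice', 'bob'] }],
  ['dm-alice-bob', { type: 'direct', members: ['alice', 'bob'] }],
]);
const messages = [
  { roomId: 'general', text: 'welcome @bob', mentions: ['bob'] },
  { roomId: 'finance', text: '@bob payroll file is ready', mentions: ['bob'] },
  { roomId: 'dm-alice-bob', text: '@bob new VPN secret sent', mentions: ['bob'] },
];

function mentionsInRoom(roomId) {
  return messages.filter((m) => m.roomId === roomId && m.mentions.length > 0);
}

// Flawed pattern: the caller is authenticated, but the handler never checks
// whether that caller may read the requested room.
function getUserMentionsByChannelUnchecked(callerId, roomId) {
  if (!callerId) throw new Error('not authenticated');
  return mentionsInRoom(roomId);
}

// Public rooms are readable by any logged-in user in this model; private
// rooms and direct messages require membership.
function canAccessRoom(callerId, room) {
  if (!room) return false;
  return room.type === 'public' || room.members.includes(callerId);
}

// Hardened pattern: authorize against the room before touching messages.
function getUserMentionsByChannelChecked(callerId, roomId) {
  if (!callerId) throw new Error('not authenticated');
  // Same error for unknown rooms and non-members, so room ids cannot be probed.
  if (!canAccessRoom(callerId, rooms.get(roomId))) throw new Error('not allowed');
  return mentionsInRoom(roomId);
}
```

When reviewing server methods that take a room identifier, confirm that the access check runs on the server for every room type, including direct messages, before any message query.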