CNVD (China National Vulnerability Database): CNVD-2022-88187
History: Sep 28, 2022 - 12:00 a.m.

Rocket.Chat users.list information disclosure vulnerability

2022-09-28 00:00:00
China National Vulnerability Database (www.cnvd.org.cn)
Tags: rocket.chat, information disclosure, vulnerability, rest endpoint, query parameters, json, attacker, user data, exploitation

EPSS: 0.001 (Low), percentile 25.0%

Rocket.Chat is an open source team chat application. An information disclosure vulnerability exists in versions prior to Rocket.Chat 4.7.5. The “users.list” REST endpoint takes its query parameters from client-supplied JSON and runs Users.find(queryFromClientSide), which an attacker can exploit to access any user's data.
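One way to constrain a client-supplied query before it reaches a find() call, shown as an added example (not Rocket.Chat's code and not the fix shipped in 4.7.5). The function name `validateUserQuery`, the field allowlist and the operator allowlist are assumptions chosen for illustration.

```javascript
// Added illustration: validate a client-supplied MongoDB-style query before
// it is passed to a find() call. The allowlists below are assumptions, not
// Rocket.Chat's real schema or its actual patch.
const ALLOWED_FIELDS = new Set(['username', 'name', 'status', 'active', 'type']);
const ALLOWED_OPERATORS = new Set(['$eq', '$ne', '$in', '$nin', '$exists']);
const LOGICAL = new Set(['$and', '$or']);
const MAX_DEPTH = 4;

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

function isScalar(v) {
  return v === null || ['string', 'number', 'boolean'].includes(typeof v);
}

// Returns { ok: true, query } or { ok: false, reason }.
function validateUserQuery(raw, depth = 0) {
  if (!isPlainObject(raw)) return { ok: false, reason: 'query must be an object' };
  if (depth > MAX_DEPTH) return { ok: false, reason: 'query nested too deeply' };
  for (const [key, value] of Object.entries(raw)) {
    if (LOGICAL.has(key)) {
      if (!Array.isArray(value) || value.length === 0) return { ok: false, reason: `${key} needs a non-empty array` };
      for (const sub of value) {
        const r = validateUserQuery(sub, depth + 1); // same rules apply to nested clauses
        if (!r.ok) return r;
      }
      continue;
    }
    if (key.startsWith('$')) return { ok: false, reason: `operator not allowed: ${key}` };
    if (!ALLOWED_FIELDS.has(key)) return { ok: false, reason: `field not allowed: ${key}` };
    if (isScalar(value)) continue; // plain equality match on an allowed field
    if (!isPlainObject(value)) return { ok: false, reason: `bad condition for ${key}` };
    for (const [op, arg] of Object.entries(value)) {
      if (!ALLOWED_OPERATORS.has(op)) return { ok: false, reason: `operator not allowed: ${op}` };
      const args = Array.isArray(arg) ? arg : [arg];
      if (!args.every(isScalar)) return { ok: false, reason: `non-scalar operand for ${op}` };
    }
  }
  return { ok: true, query: raw };
}
```

Only a query that passes this check would be handed to the database layer; anything else is rejected with the reason, which can also be logged for detection.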

CPE          Name         Operator  Version
rocket.chat  rocket.chat  lt        4.7.5
