Rocket.Chat is an open source team chat application. An information disclosure vulnerability exists in versions prior to Rocket.Chat 4.7.5. The "users.list" REST endpoint takes its query parameters from client-supplied JSON and runs Users.find(queryFromClientSide), which an attacker can exploit to access any user data.
CPE | Name | Operator | Version |
---|---|---|---|
rocket.chat | rocket.chat | lt | 4.7.5 |
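
The flaw described above is a client-controlled filter reaching a database `find()` unchecked. The following added example (not Rocket.Chat's code or its actual fix) shows one way to constrain such a JSON query with field and operator allowlists before it is used; the field names, operator sets, depth limit and function names are assumptions for illustration.

```javascript
// Added illustration: allowlist validation for a client-supplied query.
// Field names, operator sets and function names are assumptions, not Rocket.Chat code.
const ALLOWED_FIELDS = new Set(['username', 'name', 'status', 'active', 'type']);
const COMPARISON_OPS = new Set(['$eq', '$in']);
const LOGICAL_OPS = new Set(['$and', '$or']);
const MAX_DEPTH = 3;

const isScalar = (v) => v === null || ['string', 'number', 'boolean'].includes(typeof v);
const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

function checkOperand(op, operand) {
  if (op === '$in') {
    if (!Array.isArray(operand) || !operand.every(isScalar)) throw new Error('$in needs an array of scalars');
  } else if (!isScalar(operand)) {
    throw new Error(`${op} needs a scalar operand`);
  }
}

function validateQuery(query, depth = 0) {
  if (!isPlainObject(query) || depth > MAX_DEPTH) throw new Error('query must be a shallow plain object');
  for (const [key, value] of Object.entries(query)) {
    if (LOGICAL_OPS.has(key)) {
      if (!Array.isArray(value) || value.length === 0) throw new Error(`${key} needs a non-empty array`);
      value.forEach((sub) => validateQuery(sub, depth + 1));
    } else if (!ALLOWED_FIELDS.has(key)) {
      // Rejects unknown fields, dotted paths and any operator used as a top-level key.
      throw new Error(`field or operator not allowed: ${key}`);
    } else if (isPlainObject(value)) {
      for (const [op, operand] of Object.entries(value)) {
        if (!COMPARISON_OPS.has(op)) throw new Error(`operator not allowed: ${op}`);
        checkOperand(op, operand);
      }
    } else if (!isScalar(value)) {
      throw new Error(`value for ${key} must be a scalar`);
    }
  }
  return query;
}

// Parse the raw "query" string from the request and validate it before any find() call.
function parseClientQuery(raw) {
  let parsed;
  try { parsed = JSON.parse(raw); } catch { throw new Error('query is not valid JSON'); }
  return validateQuery(parsed);
}

function isAccepted(raw) {
  try { parseClientQuery(raw); return true; } catch { return false; }
}
```

This only constrains the filter; the fields returned in the response still need a server-side projection that the client cannot override.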