Rocket.Chat is an open source team chat software. An information disclosure vulnerability exists in versions prior to Rocket.Chat 6.0, which stems from an ACL check in the slash command /mute, after checking if a user is a member of a given channel, which can disclose private channel members to unauthorized users and can be exploited by an attacker to enumerate usernames.