Lucene search
GoogleOSV:CVE-2022-32218HistorySep 23, 2022 - 7:15 p.m.
CVE-2022-32218
2022-09-2319:15:11
Google
osv.dev
10
rocket.chat
information disclosure
vulnerability
mongodb queries
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.001
Percentile
24.8%
An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries.
References
Related
cnvd
cnvd
Rocket.Chat actionLinkHandler information disclosure vulnerability
2022-09-28 00:00:00
cve
cve
CVE-2022-32218
2022-09-23 19:15:11
prion
prion
Information disclosure
2022-09-23 19:15:00
hackerone
hackerone
Rocket.Chat: Message ID Enumeration with Action Link Handler
2021-11-22 10:33:05
cvelist
cvelist
CVE-2022-32218
2022-09-23 18:28:13
nvd
nvd
CVE-2022-32218
2022-09-23 19:15:11
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.001
Percentile
24.8%
Related for OSV:CVE-2022-32218