3 matches found
CVE-2022-32220
An information disclosure vulnerability exists in Rocket.Chat v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room...
CVE-2022-32220
An information disclosure vulnerability exists in Rocket.Chat v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room...
CVE-2022-32220
Rocket.Chat prior to v5 is impacted by an information-disclosure vulnerability in the getUserMentionsByChannel Meteor server method, which returns messages from private channels and DMs regardless of the user’s room access. Exploitation lets an authenticated user obtain sensitive messages they sh...