CVE-2022-32227
CVE-2022-32227 affects Rocket.Chat prior to v5, v4.8.2, and v4.7.5, where a user with the permission view-full-other-user-info could access another user’s OAuth tokens via the REST API (users.info). The root cause is cleartext transmission/leak of sensitive OAuth token data. Impact described incl...