CVE-2022-35246
Rocket.Chat’s CVE-2022-35246 is a NoSQL-Injection information disclosure in the getS3FileUrl Meteor server method. The vulnerability allows an authenticated user to disclose the redirect URL of arbitrary file uploads, due to insufficient access checks when retrieving the file URL. Affected versio...