2 matches found
CVE-2022-35249
A information disclosure vulnerability exists in Rocket.Chat...
CVE-2022-35249
The vulnerability CVE-2022-35249 affects Rocket.Chat prior to version 5.0, where the meteor server method getUserMentionsByChannel discloses messages from private channels and direct messages regardless of the user’s room permissions. This stems from insufficient authorization checks in the metho...