2 matches found
CVE-2023-23911
An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room...
CVE-2023-23911
The CVE-2023-23911 issue is an improper access control vulnerability in Rocket.Chat prior to v6 that could allow an attacker to break the E2E chat-room encryption by changing the group key. Root cause: a user can modify the group key via server-side operations, enabling access to encrypted messag...