3 matches found
CVE-2023-28357
A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a membe...
CVE-2023-28357
CVE-2023-28357 affects Rocket.Chat. The vulnerability arises in the Slash Command /mute, where an ACL check occurs after confirming a user’s channel membership, allowing authenticated users to enumerate whether a username is a member of a channel they cannot access. Impact described as informatio...
CVE-2023-28357
A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a membe...