
4 matches found

BDU FSTEC
added 2022/10/06 12:0 a.m. · 4 views

Vulnerability in the `getUsersOfRoom` method of Rocket.Chat, a server-based corporate messaging system that supports file sharing and video conferencing, allowing an attacker to disclose sensitive information

The vulnerability in the getUsersOfRoom method of Rocket.Chat, a server-based corporate messaging system that supports file sharing and video conferencing, is caused by insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive informatio...

CVSS: 4.3 · AI score: 5.4 · EPSS: 0.00651
Exploits: 1 · References: 4 · Affected Software: 1
CNVD
added 2022/09/28 12:0 a.m. · 38 views

Rocket.Chat Input Validation Error Vulnerability

Rocket.Chat is open-source team chat software. Rocket.Chat has an input validation error vulnerability that stems from a failure to type-validate input data in the getUsersOfRoom Meteor server method. An authenticated attacker could use this vulnerability to enumerate existing rooms a...

CVSS: 4.3 · AI score: 4.3 · EPSS: 0.00651
Exploits: 1 · References: 1
Positive Technologies
added 2022/06/01 12:0 a.m. · 5 views

PT-2022-4945 · Unknown · Rocket.Chat

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 5; Rocket.Chat versions prior to 4.8.2; Rocket.Chat versions prior to 4.7.5. Description: An improper access control issue exists due to insufficient input validation in the getUsersOfRoom Meteor server method. This...

CVSS: 4.3 · AI score: 4.6 · EPSS: 0.00651
Exploits: 1 · References: 7
Hacker One
added 2021/11/25 5:35 p.m. · 27 views

Rocket.Chat: getUsersOfRoom discloses users in private channels

Summary: Improper input data validation in the getUsersOfRoom Meteor server method allows authenticated users to enumerate existing rooms and subscribed users. Description: Input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query operator objects are accept...

CVSS: 4 · AI score: 0.6 · EPSS: 0.00651
Exploits: 1