8 matches found
Rocket.Chat getRoomRoles Meteor Information Disclosure Vulnerability
Rocket.Chat is an open source team chat software. An information disclosure vulnerability exists in Rocket.Chat versions prior to 4.7.5, 4.8.0 and later, and prior to 4.8.2, which stems from a lack of ACL checking in its getRoomRoles Meteor method, and can be exploited by an attacker to cause a...
CVE-2022-35247
CVE-2022-35247 describes an information disclosure issue in Rocket.Chat via the getRoomRoles Meteor method due to missing ACL checks. Affected: Rocket.Chat versions prior to 5, prior to 4.8.2, and prior to 4.7.5. The vulnerability allows an unauthorized client to leak channel members with special roles...
PT-2022-22654 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 5; Rocket.Chat versions prior to 4.8.2; Rocket.Chat versions prior to 4.7.5. Description: An information disclosure issue exists due to the lack of ACL checks in the getRoomRoles Meteor method, which leaks channel...
Rocket.Chat: getRoomRoles Method leaks Channel Owner
Summary: Lack of ACL checks in the getRoomRoles Meteor method leaks channel members with special roles to unauthorized clients. Description: Lack of ACL checks in the getRoomRoles Meteor method allows unauthorized clients to query channel members with special roles: javascript Meteor.methods...
Rocket.Chat: Message ID Enumeration with Action Link Handler
Summary: The actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. Releases Affected: The Meteor method actionLinkHandler calls an actionLinks wrapper getMessage to find affected messages: javascript Meteor.methods actionLinkHandlername, messageId if...
Rocket.Chat: Unauthenticated clients can modify Livechat Business Hours
The Meteor method "livechat:saveOfficeHours" allowed unauthenticated clients to modify the global Livechat Business Hours by directly updating the database model...
Rocket.Chat: Unread Messages can leak Message IDs
The Meteor Method "unreadMessages" could leak existing Message IDs to unauthorized clients when called with a regular expression. The vulnerability was present in Rocket.Chat versions 3.9.3 and develop...
Rocket.Chat: SAML authentication bypass through unauthenticated `addSamlProvider` Meteor Call
Summary: Rocket.Chat exposes an unauthenticated Meteor method addSamlProvider, which allows disabling SAML signature verification. Description: The addSamlProvider Meteor method sets a number of settings, among them a boolean flag that defaults to false: js export const addSamlService =...