Rocket.Chat: Upload of Avatars for other Users

The vulnerability allowed unprivileged users to upload avatar pictures on behalf of other users. The effect of the exploit depended on the storage backend, with the default GridFS being affected. The vulnerability was found in the Rocket.Chat development version at commit 5f0180dc...