A information disclosure vulnerability exists in Rocket.chat <v5, <v4.8.2 and <v4.7.5 where the lack of ACL checks in the getRoomRoles Meteor method leak channel members with special roles to unauthorized clients.
References
Link | Resource |
---|---|
https://hackerone.com/reports/1447440 | Exploit Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2022-09-23T18:28:13
Updated: 2022-09-23T18:28:13
Reserved: 2022-07-06T00:00:00
Link: CVE-2022-35247
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-23T19:15:13.957
Modified: 2022-09-26T18:05:01.427
Link: CVE-2022-35247
JSON object: View
Redhat Information
No data.