An information disclosure vulnerability exists in Rocket...
Moderate severity
Unreviewed
Published
Sep 25, 2022
to the GitHub Advisory Database
•
Updated Jul 21, 2023
Description
Published by the National Vulnerability Database
Sep 23, 2022
Published to the GitHub Advisory Database
Sep 25, 2022
Last updated
Jul 21, 2023
An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries.
References