CVE-2015-8601

Name of the Vulnerable Software and Affected Versions Drupal Chat Room module versions 7.x-2.x before 7.x-2.2

Description The issue allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms. This is due to the module not properly checking permissions when setting up a websocket for chat messages.

Recommendations For versions prior to 7.x-2.2, update to version 7.x-2.2 or later to resolve the issue.