Gronke

**Name of the Vulnerable Software and Affected Versions** mitmweb versions 11.1.1 and below mitmproxy versions 11.1.1 and below **Description** A malicious client can use mitmweb's proxy server to access mitmweb's internal API, potentially leading to remote code execution. The mitmproxy and mitmdump tools are unaffected. Only mitmweb is affected. The vulnerability can be exploited by an attacker in the same local network, as the `block global` option blocks connections from publicly-routable IP addresses. **Recommendations** For mitmweb versions 11.1.1 and below, update to mitmproxy 11.1.2 or above to fix the vulnerability. For mitmproxy versions 11.1.1 and below, update to mitmproxy 11.1.2 or above to fix the vulnerability. As a temporary workaround, consider restricting access to the internal API endpoint `127.0.0.1:8081` to minimize the risk of exploitation. Restrict access to the proxy server bound to `*:8080` to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** LiveChat (affected versions not specified) **Description** The issue allows livechat messages to be leaked through a combination of two NoSQL injections. These injections affect the `livechat:loginByToken` function, which is used for pre-authentication, and the `livechat:loadHistory` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rocket.Chat (affected versions not specified) **Description** A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command "/mute" occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a member of a channel that they do not have access to. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rocket.Chat versions prior to 6.0 **Description** An improper authorization issue exists that could allow a hacker to manipulate the `rid` parameter and change the `updateMessage` method, which only checks whether the user is allowed to edit a message in the target room. **Recommendations** For versions prior to 6.0, update to version 6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `updateMessage` method to minimize the risk of exploitation. Avoid using the `rid` parameter in sensitive operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Rocket.Chat (affected versions not specified) **Description** A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rocket.Chat (affected versions not specified) **Description** A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the `Message KeepHistory` or `Message ShowDeletedStatus` server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rocket.Chat versions prior to 5 **Description** An information disclosure issue exists due to the `getUserMentionsByChannel` meteor server method, which discloses messages from private channels and direct messages regardless of the user's access permission to the room. **Recommendations** For versions prior to 5, consider disabling the `getUserMentionsByChannel` method until a patch is available to prevent information disclosure.

**Name of the Vulnerable Software and Affected Versions** Rockert.Chat versions prior to 5 **Description** A information disclosure issue exists due to the lack of sanitization of user inputs in the /api/v1/chat.getThreadsList endpoint, which can leak private thread messages to unauthorized users via Mongo DB injection. **Recommendations** For versions prior to 5, update to version 5 or later to resolve the issue. As a temporary workaround, consider restricting access to the /api/v1/chat.getThreadsList endpoint to minimize the risk of exploitation. Avoid using unsanitized user inputs in this endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Rocket.Chat versions prior to 5 Rocket.Chat versions prior to 4.8.2 Rocket.Chat versions prior to 4.7.5 **Description** A NoSQL-Injection information disclosure issue exists in the getS3FileUrl Meteor server method, which can disclose arbitrary file upload URLs to users that should not be able to access. **Recommendations** For versions prior to 5, update to version 5 or later. For versions prior to 4.8.2, update to version 4.8.2 or later. For versions prior to 4.7.5, update to version 4.7.5 or later.

**Name of the Vulnerable Software and Affected Versions** Rocket.chat versions prior to 5 Rocket.chat versions prior to 4.8.2 Rocket.chat versions prior to 4.7.5 **Description** A information disclosure issue exists due to the lack of ACL checks in the `getRoomRoles` Meteor method, which leaks channel members with special roles to unauthorized clients. **Recommendations** For versions prior to 5, update to version 5 or later to resolve the issue. For versions prior to 4.8.2, update to version 4.8.2 or later to resolve the issue. For versions prior to 4.7.5, update to version 4.7.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `getRoomRoles` Meteor method until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Rocket.Chat versions prior to 5 Rocket.Chat versions prior to 4.8.2 Rocket.Chat versions prior to 4.7.5 **Description** A improper authentication issue exists that allows two-factor authentication to be bypassed when the server is configured to use CAS during login. **Recommendations** For versions prior to 5, update to version 5 or later to resolve the issue. For versions prior to 4.8.2, update to version 4.8.2 or later to resolve the issue. For versions prior to 4.7.5, update to version 4.7.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Rocket.Chat versions prior to 5 **Description** A information disclosure issue exists where the `getUserMentionsByChannel` meteor server method discloses messages from private channels and direct messages regardless of the user's access permission to the room. **Recommendations** For versions prior to 5, update to version 5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `getUserMentionsByChannel` method until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Rocket.Chat versions prior to 5 Rocket.Chat versions prior to 4.8.2 Rocket.Chat versions prior to 4.7.5 **Description** An improper access control issue exists due to insufficient input validation in the `getUsersOfRoom` Meteor server method. This allows MongoDB query operator objects to be accepted, enabling the execution of a `$regex` query instead of a matching `rid` String. As a result, the room access permission check can be bypassed for all but the first matching room. This could potentially allow a remote attacker to disclose protected information. **Recommendations** For Rocket.Chat versions prior to 5, update to version 5 or later to resolve the issue. For Rocket.Chat versions prior to 4.8.2, update to version 4.8.2 or later to resolve the issue. For Rocket.Chat versions prior to 4.7.5, update to version 4.7.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `getUsersOfRoom` Meteor server method until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Rocket.Chat versions prior to 5 Rocket.Chat versions prior to 4.8.2 Rocket.Chat versions prior to 4.7.5 **Description** An information disclosure issue exists due to the getReadReceipts Meteor server method not properly filtering user inputs passed to MongoDB queries. This allows $regex queries to enumerate arbitrary Message IDs, potentially disclosing protected information. **Recommendations** For versions prior to 5, update to version 5 or later to resolve the issue. For versions prior to 4.8.2, update to version 4.8.2 or later to resolve the issue. For versions prior to 4.7.5, update to version 4.7.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the getReadReceipts Meteor server method until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Rocket.Chat versions prior to 5 Rocket.Chat versions prior to 4.8.2 Rocket.Chat versions prior to 4.7.5 **Description** An information disclosure issue exists due to insufficient input validation in the `actionLinkHandler` method, allowing Message ID Enumeration with Regex MongoDB queries. This could enable a remote attacker to disclose protected information. **Recommendations** For Rocket.Chat versions prior to 5, update to version 5 or later. For Rocket.Chat versions prior to 4.8.2, update to version 4.8.2 or later. For Rocket.Chat versions prior to 4.7.5, update to version 4.7.5 or later.