PT-2022-4943 · Unknown · Rocket.Chat

Gronke · Published 2022-06-01 · Updated 2023-07-21 · CVE-2022-32218

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Rocket.Chat versions prior to 5
Rocket.Chat versions prior to 4.8.2
Rocket.Chat versions prior to 4.7.5

Description

An information disclosure issue exists due to insufficient input validation in the actionLinkHandler method, allowing Message ID Enumeration with Regex MongoDB queries. This could enable a remote attacker to disclose protected information.

Recommendations

For Rocket.Chat versions prior to 5, update to version 5 or later.
For Rocket.Chat versions prior to 4.8.2, update to version 4.8.2 or later.
For Rocket.Chat versions prior to 4.7.5, update to version 4.7.5 or later.
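
The input-validation gap named in the Description, shown as an added example that is not Rocket.Chat's code: a message ID that reaches a MongoDB selector without a type check can be an operator object instead of a string. The in-memory collection, the function names, the sample IDs and the 64-character bound are all assumptions made for illustration.

```javascript
// Constructed stand-in for a MongoDB messages collection (IDs and text are made up).
const messages = [
  { _id: 'aB3kQ9xZ', rid: 'private-room', msg: 'constructed secret' },
  { _id: 'Zz81LmNp', rid: 'public-room', msg: 'constructed hello' },
];

// Minimal selector matcher: string equality and the $regex operator only,
// enough to show how an _id selector behaves when it is not a plain string.
function findOneById(idSelector) {
  return messages.find((m) => {
    if (typeof idSelector === 'string') return m._id === idSelector;
    if (idSelector && typeof idSelector === 'object' && '$regex' in idSelector) {
      return new RegExp(idSelector.$regex).test(m._id);
    }
    return false;
  }) || null;
}

// "Before": the client-supplied value flows into the selector untouched, so a
// JSON object is treated as a query operator and the yes/no answer leaks
// whether any stored ID matches the pattern.
function lookupUnvalidated(messageId) {
  return findOneById(messageId) !== null;
}

// "After": only a non-empty, bounded string is accepted (bound is an assumption);
// objects, arrays and numbers are rejected before any query is built.
function isValidMessageId(value) {
  return typeof value === 'string' && value.length > 0 && value.length <= 64;
}

function lookupValidated(messageId) {
  if (!isValidMessageId(messageId)) {
    throw new TypeError('messageId must be a string');
  }
  return findOneById(messageId) !== null;
}

// The validated path answers for exact string IDs and refuses operator objects.
console.log(lookupValidated('aB3kQ9xZ'));
try {
  lookupValidated({ $regex: '^a' });
} catch (e) {
  console.log(e.message);
}
```

In a Meteor method the same guard can be written with the `check` package as `check(messageId, String)`.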

Exploit

Fix

Information Disclosure

Side Channel Attack

RCE

Weakness Enumeration

Related Identifiers

BDU:2022-06135
CVE-2022-32218

Affected Products

Rocket.Chat