PT-2024-32287 · Unknown · Rocket.Chat

Published: 2024-09-24 · Updated: 2024-09-26 · CVE-2024-46936

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions 6.12.0 through 6.7.8 and before

Description: The issue allows attackers to abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose, resulting in message forgery and impersonation. Because the forged messages appear to come from a legitimate account, this undermines trust in message authorship within the system and can be used as a stepping stone to further security breaches.

Recommendations: For Rocket.Chat versions 6.12.0 through 6.7.8 and before, as a temporary workaround, consider disabling the UpdateOTRAck method until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2024-46936

Affected Products

Rocket.Chat