CVE-2022-32220 – An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMen …

Vuln ID: CVE-2022-32220

Published:  2022-09-23  19:15:11Z

Description: An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.

Source: NVD.NIST.GOV