CVE-2022-35249 – A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMenti …

Vuln ID: CVE-2022-35249

Published:  2022-09-23  19:15:14Z

Description: A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.

Source: NVD.NIST.GOV