Security Advisory

CVE-2023-28325

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-05-11 00:00:00

Last updated 2025-01-27 16:59:31

Assigner hackerone

State PUBLISHED

Description

An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room.

← Browse all CVEs View on cve.org ↗