Security Advisory

CVE-2023-28357

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-05-11 00:00:00

Last updated 2025-01-27 17:11:35

Assigner hackerone

State PUBLISHED

Description

A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a member of a channel that they do not have access to.

← Browse all CVEs View on cve.org ↗