The Chat Room module 7.x-2.x prior to 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote malicious users to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
chat room project chat room 7.x-2.0 |
||
chat room project chat room 7.x-2.1 |