An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rocket.chat rocket.chat |