Unrated severityOSV Advisory· Published May 11, 2023· Updated Jan 27, 2025
CVE-2023-28325
CVE-2023-28325
Description
An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room.
Affected products
20.10.0, 0.10.1, 0.10.2, …+ 1 more
- (no CPE)range: 0.10.0, 0.10.1, 0.10.2, …
- (no CPE)range: <6.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.