Skip to main content

CVE-2022-32229

Severity Medium
Score 4.3/10

Summary

A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • LOW
  • NONE

References

Advisory Timeline

  • Published