CVE-2022-32226

Published: Sep 23, 2022Modified: May 22, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query operator objects are accepted by the server, so that instead of a matching rid String a$regex query can be executed, bypassing the room access permission check for every but the first matching room.

Affected (2)

Products: Rocket.chat: Rocket.chat

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Rocket.chat Rocket.chat	Before 4.7.5
Rocket.chat Rocket.chat	From 4.8.0 to 4.8.2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://hackerone.com/reports/1410357

Source: support@hackerone.com

ExploitIssue TrackingThird Party Advisory

https://hackerone.com/reports/1410357

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.