What the vulnerability does

01Description

A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs.

Key dates

02Disclosure timeline

September 23, 2022 CVE published
May 22, 2025 Record updated