CVE-2022-32228 - AskarLabs CVE Database

CVE-2022-32228

Vendor N/A

Product Rocket.Chat

Weakness CWE-200 · Info exposure

Published September 23, 2022

Last update May 22, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary Message IDs.

Key dates

02Disclosure timeline

September 23, 2022 CVE published

May 22, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-32228

Related vulnerabilities

04Related CVE

CVE-2021-22898 CVE-2016-6548 Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token CVE-2023-22476 MantisBT: Exposure of Private issues' summary to unauthorized users CVE-2022-21683 Comment reply notifications sent to incorrect users in wagtail CVE-2024-29898 Oversight in fix for GHSA-4rcf-3cj2-46mq may have exposed suppressed wiki requests on private wikis