CVE-2022-32229 - AskarLabs CVE Database

CVE-2022-32229

Vendor N/A

Product Rocket.Chat

Weakness CWE-200 · Info exposure

Published September 23, 2022

Last update May 22, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection.

Key dates

02Disclosure timeline

September 23, 2022 CVE published

May 22, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-32229 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2018-0442 Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Information Disclosure Vulnerability CVE-2023-25683 IBM PowerVM Hypervisor information disclosure CVE-2023-22875 IBM Security QRadar SIEM information disclosure CVE-2024-8072 Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users CVE-2020-8210