What the vulnerability does

01 Description

An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5, where the lack of ACL checks in the getRoomRoles Meteor method leaks channel members with special roles to unauthorized clients.

Key dates

02 Disclosure timeline

September 23, 2022 CVE published
May 22, 2025 Record updated