CVE-2023-23911 - AskarLabs CVE Database

CVE-2023-23911

Vendor N/A

Product Rocket.Chat

Weakness CWE-284

Published March 10, 2023

Last update February 28, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room.

Key dates

02Disclosure timeline

March 10, 2023 CVE published

February 28, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-23911 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

04Related CVE

CVE-2025-21185 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability CVE-2023-50300 IBM Transformation Extender Advanced improper access control CVE-2022-28761 Zoom On-Premise Deployments: Improper Access Control CVE-2026-48907 Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5 CVE-2018-15372 Cisco IOS XE Software MACsec MKA Using EAP-TLS Authentication Bypass Vulnerability