What the vulnerability does

01Description

An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room.

Key dates

02Disclosure timeline

May 11, 2023 CVE published
January 27, 2025 Record updated