exploitDog

CVE-2023-28318

Опубликовано: 09 мая 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices.

Ссылки

https://hackerone.com/reports/1379451
Third Party Advisory
https://hackerone.com/reports/1379451
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rocket.chat:rocket.chat:-:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00032

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-285

NVD-CWE-noinfo

CWE-346

Связанные уязвимости

GHSA-fgc6-vr5x-6xch

CVSS3: 5.3

github

больше 2 лет назад

A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices.

EPSS

Процентиль: 9%

0.00032

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-285

NVD-CWE-noinfo

CWE-346