Описание
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose.
EPSS
Процентиль: 28%
0.00101
Низкий
7.5 High
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 7.5
github
больше 1 года назад
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose.
EPSS
Процентиль: 28%
0.00101
Низкий
7.5 High
CVSS3