← Back to CVE List
CVE-2022-32220
An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt