Vulnerabilities > CVE-2023-28318 - Unspecified vulnerability in Rocket.Chat

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

rocket-chat

NVD

Published: 2023-05-09

Updated: 2023-05-16

Summary

A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices.

Vulnerable Configurations

Part	Description	Count
Application	Rocket.Chat Rocket.Chat Rocket.Chat -	1

References

https://hackerone.com/reports/1379451