CVE-2023-28357

CVE-2023-28357

A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a member of a channel that they do not have access to.

Source: CVE-2023-28357

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다