An information disclosure vulnerability exists in Rocket.Chat <v4.7.5 which allowed the “users.list” REST endpoint gets a query parameter from JSON and runs Users.find(queryFromClientSide). This means virtually any authenticated user can access any data (except password hashes) of any user authenticated.
Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku
Kaynak: National Vulnerability Database
