Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose.
Metrics
Affected Vendors & Products
References
History
Wed, 25 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Rocketchat
Rocketchat rocket.chat |
|
CPEs | cpe:2.3:a:rocketchat:rocket.chat:*:*:*:*:*:*:*:* | |
Vendors & Products |
Rocketchat
Rocketchat rocket.chat |
|
Metrics |
cvssV3_1
|
Tue, 24 Sep 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-09-24T00:00:00
Updated: 2024-09-25T17:24:31.632Z
Reserved: 2024-09-15T00:00:00
Link: CVE-2024-46936
Vulnrichment
Updated: 2024-09-25T17:24:21.513Z
NVD
Status : Awaiting Analysis
Published: 2024-09-25T01:15:44.700
Modified: 2024-09-26T13:32:02.803
Link: CVE-2024-46936
Redhat
No data.