CVE-2022-32227

Published: Sep 23, 2022

Modified: May 22, 2025

PUBLISHED

Description

A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to Oauth tokens by having the permission "view-full-other-user-info", this could cause an oauth token leak in the product.

Vendor	Product	Versions
n/a	Rocket.Chat	affected `Fixed in versions 4.7.5, 4.8.2, 5.0.0`

Weaknesses (CWE)

CWE-319

References

https://hackerone.com/reports/1517377

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-32227

Description

Affected Products

Weaknesses (CWE)

References