CVE-2022-32227: Cleartext Transmission of Sensitive Information (CWE-319) in Rocket.Chat
A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to OAuth tokens: by having the permission "view-full-other-user-info", a user could cause an OAuth token leak in the product.
AI Analysis
Technical Summary
CVE-2022-32227 is a vulnerability identified in Rocket.Chat versions prior to 4.7.5, 4.8.2, and 5.0.0, involving the cleartext transmission of sensitive OAuth tokens. Specifically, the flaw arises when a user has the permission "view-full-other-user-info," which allows access to OAuth tokens that are transmitted without encryption. This vulnerability falls under CWE-319, which pertains to the cleartext transmission of sensitive information over a network. The issue is that OAuth tokens, which are critical for authentication and authorization, can be intercepted by attackers if transmitted in plaintext, potentially leading to unauthorized access to user accounts or services. The CVSS v3.1 base score is 6.5, indicating a medium severity level. The vector string (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) shows that the attack can be performed remotely over the network with low attack complexity, requires privileges (permission) but no user interaction, and impacts confidentiality with high impact but no impact on integrity or availability. No known exploits are reported in the wild, but the vulnerability is publicly disclosed and patched in the specified versions. The root cause is the insecure handling of OAuth tokens during transmission, which should ideally be encrypted to prevent interception. This vulnerability is particularly relevant in environments where Rocket.Chat is used for internal or external communications, as leaked tokens could allow attackers to impersonate users or access sensitive information.
Potential Impact
For European organizations using vulnerable versions of Rocket.Chat, this vulnerability poses a significant risk to the confidentiality of OAuth tokens, potentially leading to unauthorized access to internal communication channels or integrated services. Since Rocket.Chat is often used for team collaboration, leaking OAuth tokens could allow attackers to impersonate users, access sensitive conversations, or pivot to other connected systems. This risk is heightened in sectors with strict data protection requirements such as finance, healthcare, and government, where unauthorized access could lead to regulatory violations under GDPR and other compliance frameworks. The lack of impact on integrity and availability means the system's operation might not be disrupted, making detection harder. However, the confidentiality breach alone can lead to data leaks, espionage, or lateral movement within networks. The requirement for the "view-full-other-user-info" permission limits the exposure to users with elevated privileges, but insider threats or compromised accounts with such permissions could exploit this vulnerability. Given the medium CVSS score and the nature of the vulnerability, organizations should prioritize patching to prevent potential token interception and misuse.
Mitigation Recommendations
1. Immediately upgrade Rocket.Chat instances to versions 4.7.5, 4.8.2, or 5.0.0 or later, where the vulnerability has been fixed.
2. Review and restrict the assignment of the "view-full-other-user-info" permission to only trusted and necessary users to minimize the attack surface.
3. Implement network-level encryption (e.g., enforce HTTPS/TLS) for all Rocket.Chat communications to ensure tokens and other sensitive data are not transmitted in cleartext.
4. Conduct audits of OAuth token usage and monitor for unusual access patterns that might indicate token compromise.
5. Educate administrators and users about the risks of token leakage and encourage the use of multi-factor authentication (MFA) to reduce the impact of token theft.
6. Employ network security controls such as intrusion detection/prevention systems (IDS/IPS) to detect anomalous traffic that could indicate token interception attempts.
7. Regularly review and update security policies related to third-party integrations and OAuth token management within Rocket.Chat environments.
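The first two recommendations (upgrade, and restrict who holds "view-full-other-user-info") are the ones a defender can script. The following Python is an added example, not code from Rocket.Chat or from this advisory's authors. It encodes the affected ranges stated above (below 4.7.5 on the 4.7 line, below 4.8.2 on the 4.8 line, and otherwise below 5.0.0) and audits a permissions listing for roles that hold the permission. The listing shape (a dict with an "update" list of entries carrying `_id` and `roles`) is assumed to match Rocket.Chat's `permissions.listAll` REST response; the sample data and the `EXPECTED_ROLES` baseline are constructed for the example.

```python
"""
Added example for CVE-2022-32227 triage (not Rocket.Chat's own code).

Two defender-side checks:
  1. Does a reported Rocket.Chat version fall inside the affected ranges?
  2. Which roles hold "view-full-other-user-info" beyond an expected baseline?

Assumptions: the permissions listing shape mirrors the REST endpoint
permissions.listAll; sample data below is constructed, not captured.
"""
import re

PERMISSION = "view-full-other-user-info"

# Fixed versions per the advisory: 4.7.5 fixes the 4.7 line, 4.8.2 the 4.8
# line, and 5.0.0 everything else below 5.
FIXED_4_7 = (4, 7, 5)
FIXED_4_8 = (4, 8, 2)
FIXED_5 = (5, 0, 0)


def parse_version(text):
    """Parse 'v4.8.1', '4.8.1-rc.2' or '4.8' into a (major, minor, patch) tuple."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version_text):
    """True when the version is inside the advisory's vulnerable ranges."""
    v = parse_version(version_text)
    if v[:2] == (4, 7):
        return v < FIXED_4_7
    if v[:2] == (4, 8):
        return v < FIXED_4_8
    return v < FIXED_5


# Constructed sample in the assumed shape of a permissions.listAll response.
SAMPLE_PERMISSIONS = {
    "update": [
        {"_id": "view-full-other-user-info", "roles": ["admin", "moderator", "user"]},
        {"_id": "view-other-user-channels", "roles": ["admin"]},
    ],
    "remove": [],
    "success": True,
}

# Baseline of roles expected to hold the permission (an assumption for the
# example); any other role is flagged for review.
EXPECTED_ROLES = {"admin"}


def roles_with_permission(listing, permission=PERMISSION):
    """Return the set of roles granted `permission` in a permissions listing."""
    for entry in listing.get("update", []):
        if entry.get("_id") == permission:
            return set(entry.get("roles", []))
    return set()


def unexpected_grants(listing, expected=EXPECTED_ROLES, permission=PERMISSION):
    """Roles holding the permission that are outside the expected baseline."""
    return sorted(roles_with_permission(listing, permission) - expected)


def triage(version_text, listing):
    """Combine both checks into a list of human-readable findings."""
    findings = []
    if is_affected(version_text):
        findings.append(
            f"version {version_text} is affected by CVE-2022-32227; "
            "upgrade to 4.7.5, 4.8.2 or 5.0.0 or later"
        )
    extra = unexpected_grants(listing)
    if extra:
        findings.append(f"roles beyond baseline hold {PERMISSION}: {', '.join(extra)}")
    return findings


if __name__ == "__main__":
    for finding in triage("4.8.1", SAMPLE_PERMISSIONS):
        print(finding)
```

Run against a real instance, `SAMPLE_PERMISSIONS` would be replaced by the JSON an authenticated administrator fetches from the server, and `EXPECTED_ROLES` by the roles your deployment actually intends to grant; the version check is deliberately conservative and treats any 4.x release outside the 4.7 and 4.8 lines as affected until 5.0.0, matching the advisory's "<v5" wording.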
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: hackerone
- Date Reserved: 2022-06-01T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682f6ee00acd01a24926470c
Added to database: 5/22/2025, 6:37:20 PM
Last enriched: 7/8/2025, 7:29:06 AM
Last updated: 7/31/2025, 3:33:45 PM
Views: 13