
CVE-2022-32228: Information Disclosure (CWE-200) in Rocket.Chat

Medium
Tags: Vulnerability, CVE-2022-32228, cve, cwe-200
Published: Fri Sep 23 2022 (09/23/2022, 18:28:13 UTC)
Source: CVE
Vendor/Project: n/a
Product: Rocket.Chat

Description

An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary Message IDs.

AI-Powered Analysis

AI analysis last updated: 07/08/2025, 08:11:06 UTC

Technical Analysis

CVE-2022-32228 is an information disclosure vulnerability affecting Rocket.Chat versions prior to 4.7.5, 4.8.2, and 5.0.0. The root cause lies in the getReadReceipts Meteor server method, which fails to validate user inputs before incorporating them into MongoDB queries. Because a query value is taken from the client as-is, an attacker can supply a crafted $regex operator expression where a plain Message ID string is expected and enumerate arbitrary Message IDs stored in the database. This improper input filtering enables attackers with at least limited privileges (PR:L) to perform unauthorized data enumeration, potentially exposing message identifiers or metadata that should remain confidential. The vulnerability does not require user interaction and can be exploited remotely over the network (AV:N). The CVSS v3.1 base score is 4.3 (medium severity), reflecting a limited confidentiality impact with no impact on integrity or availability. No known exploits are reported in the wild, but the flaw represents a vector for information leakage that could aid further targeted attacks or reconnaissance within affected Rocket.Chat deployments.
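The defect class described above, as an added illustration that is not Rocket.Chat's code and does not reproduce the project's actual method or fix: a query value taken straight from the client is placed into a MongoDB-style selector, so a client that sends an object instead of a string changes the meaning of the query from an equality match to an operator expression. The in-memory collection, the minimal matcher standing in for MongoDB, the document shapes and the `MESSAGE_ID_PATTERN` format are all assumptions constructed for this example.

```javascript
// Added illustration (not Rocket.Chat code): why an unvalidated client value
// can change a query's meaning, and the type check that closes that gap.
// The collection and matcher below are constructed stand-ins for MongoDB.

// Constructed sample documents; the identifiers are placeholders.
const READ_RECEIPTS = [
  { _id: 'rr1', messageId: 'msg-aaa111', userId: 'u1' },
  { _id: 'rr2', messageId: 'msg-bbb222', userId: 'u2' },
  { _id: 'rr3', messageId: 'msg-ccc333', userId: 'u1' },
];

// Minimal stand-in for MongoDB's selector semantics on one field:
// a plain string is matched by equality, an object is interpreted as an
// operator expression ($regex, the operator named in the advisory).
function matchesField(value, selector) {
  if (typeof selector === 'string') return value === selector;
  if (selector && typeof selector === 'object' && typeof selector.$regex === 'string') {
    return new RegExp(selector.$regex).test(value);
  }
  throw new TypeError('unsupported selector');
}

function find(collection, query) {
  return collection.filter((doc) =>
    Object.entries(query).every(([field, selector]) => matchesField(doc[field], selector)));
}

// Unsafe pattern: the client-supplied value goes into the query unchanged,
// so a client that sends an object rather than a string rewrites the query.
function getReadReceiptsUnsafe(messageId) {
  return find(READ_RECEIPTS, { messageId });
}

// Hardened pattern: accept only a string of the expected shape before it
// reaches the query. The ID format is an assumption for this example.
const MESSAGE_ID_PATTERN = /^[A-Za-z0-9-]{1,64}$/;

function assertMessageId(messageId) {
  if (typeof messageId !== 'string' || !MESSAGE_ID_PATTERN.test(messageId)) {
    throw new TypeError('messageId must be a plain string identifier');
  }
  return messageId;
}

function getReadReceiptsSafe(messageId) {
  return find(READ_RECEIPTS, { messageId: assertMessageId(messageId) });
}

// Returns how many documents each variant yields for one input, or
// 'rejected' when the hardened variant refuses the input outright.
function compare(input) {
  let safe;
  try { safe = getReadReceiptsSafe(input).length; } catch (e) { safe = 'rejected'; }
  return { unsafe: getReadReceiptsUnsafe(input).length, safe };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(compare('msg-aaa111'));          // { unsafe: 1, safe: 1 }
  console.log(compare({ $regex: '^msg-' }));   // { unsafe: 3, safe: 'rejected' }
}
```

The check rejects anything that is not a string before the value reaches the database layer; that is the property a code review of a Meteor method taking identifiers from clients should look for, since type-level validation (rather than a blocklist of operator names) is what removes the operator-injection surface. Monitoring for this class of issue at the database layer means alerting on $regex selectors against identifier fields from application code paths that should only ever issue equality lookups.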

Potential Impact

For European organizations using vulnerable Rocket.Chat versions, this vulnerability could lead to unauthorized disclosure of message identifiers and related metadata. While the direct confidentiality impact is limited (no message content leakage is explicitly stated), the ability to enumerate message IDs can facilitate further attacks such as targeted phishing, social engineering, or privilege escalation attempts. Organizations relying on Rocket.Chat for internal communications, especially those handling sensitive or regulated data, may face increased risk of information exposure. This could undermine trust in communication confidentiality and potentially violate data protection regulations like GDPR if personal data is indirectly exposed. The vulnerability does not affect system integrity or availability, so operational disruption risk is low. However, the information leakage could be leveraged by threat actors to map communication patterns or identify high-value targets within European enterprises or government entities.

Mitigation Recommendations

European organizations should promptly upgrade Rocket.Chat to 4.7.5, 4.8.2, or 5.0.0 (or a later release in the respective line), where this vulnerability is fixed. Until patching is complete, administrators should restrict access to the getReadReceipts Meteor server method by enforcing strict authentication and authorization controls, limiting which users can invoke it. Network-level controls such as firewall rules or VPN requirements can reduce exposure by limiting who can reach Rocket.Chat servers at all. Monitoring and logging of unusual query patterns, in particular $regex selectors issued against identifier fields from application paths that should only perform equality lookups, should be implemented to detect potential exploitation attempts. Additionally, organizations should review their Rocket.Chat configurations to disable or restrict features that expose message metadata unnecessarily. Conducting internal audits to identify any suspicious enumeration activity and educating users about potential phishing risks arising from leaked metadata can further reduce impact.


Technical Details

Data Version: 5.1
Assigner Short Name: hackerone
Date Reserved: 2022-06-01T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682f6b520acd01a249264635

Added to database: 5/22/2025, 6:22:10 PM

Last enriched: 7/8/2025, 8:11:06 AM

Last updated: 7/31/2025, 4:18:51 PM

