CVE-2022-35250: Privilege Escalation (CAPEC-233) in Rocket.chat

Severity: Medium
Published: Fri Sep 23 2022 (09/23/2022, 18:28:12 UTC)
Source: CVE
Vendor/Project: n/a
Product: Rocket.chat

Description

A privilege escalation vulnerability exists in Rocket.chat versions before 5.0 that makes it possible for any authenticated user to view direct messages without the appropriate permissions.

AI-Powered Analysis

Last updated: 07/08/2025, 06:13:45 UTC

Technical Analysis

CVE-2022-35250 is a privilege escalation vulnerability identified in Rocket.chat versions prior to 5.0. Rocket.chat is an open-source team communication platform widely used for messaging and collaboration. The vulnerability allows any authenticated user to view Direct Messages (DMs) without holding the appropriate permissions. The root cause is improper access control (CWE-732): the server fails to enforce the correct permission checks on private messages.

Exploitation requires nothing beyond valid credentials and can be carried out remotely over the network (AV:N) with low attack complexity (AC:L), so an attacker holding any account can trigger the flaw without advanced skills. The CVSS 3.1 base score is 4.3 (medium severity), reflecting limited confidentiality impact (C:L), no impact on integrity or availability, and the requirement for low privileges (PR:L). No known exploits have been reported in the wild; the issue was publicly disclosed on September 23, 2022.

The fix shipped in Rocket.chat version 5.0, so systems running older versions remain at risk. Because Rocket.chat is often used for internal communications in enterprise and organizational environments, unauthorized access to direct messages could expose sensitive or confidential information and undermine privacy and trust within the organization.

Potential Impact

For European organizations, this vulnerability poses a moderate risk primarily to confidentiality. Unauthorized access to direct messages could expose sensitive business communications, personal data, or strategic discussions, potentially violating GDPR requirements regarding data privacy and protection. The impact is particularly significant for sectors handling sensitive information such as finance, healthcare, government, and critical infrastructure. Although the vulnerability does not affect system integrity or availability, the breach of confidentiality could lead to reputational damage, regulatory penalties, and loss of competitive advantage. Organizations relying on Rocket.chat for internal communication must consider the risk of insider threats or compromised user accounts being leveraged to exploit this vulnerability. Given the collaborative nature of Rocket.chat, the exposure of private messages could also facilitate social engineering or further targeted attacks within the organization.

Mitigation Recommendations

To mitigate this vulnerability effectively, European organizations should:

1) Immediately upgrade Rocket.chat installations to version 5.0 or later, where the vulnerability is patched.
2) Enforce strict access controls and review user permissions regularly to ensure that only authorized users have access to sensitive communication channels.
3) Implement strong authentication mechanisms, such as multi-factor authentication (MFA), to reduce the risk of compromised credentials being used to exploit this flaw.
4) Conduct regular audits of Rocket.chat logs to detect unusual access patterns or attempts to view direct messages the user is not a party to.
5) Educate users about the importance of safeguarding their credentials and recognizing suspicious activity.
6) If upgrading is not immediately feasible, consider restricting access to Rocket.chat to trusted networks or VPNs to limit exposure.
7) Review and update incident response plans to include scenarios involving unauthorized access to internal communications.

These steps go beyond generic advice by combining technical patching with organizational controls tailored to the nature of this vulnerability.

Technical Details

Data Version
5.1
Assigner Short Name
hackerone
Date Reserved
2022-07-06T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682f725b0acd01a2492647db

Added to database: 5/22/2025, 6:52:11 PM

Last enriched: 7/8/2025, 6:13:45 AM

Last updated: 8/15/2025, 3:28:33 PM
