CVE-2023-28325 Information

Description

An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room.

Reference

https://hackerone.com/reports/1406479