https://securifyinc.com/disclosures daily 0.75 2022-06-02 https://securifyinc.com/disclosures/rocketchat-unauthenticated-access-to-messages monthly 0.5 2021-07-02 https://securifyinc.com/disclosures/rocketchat-monitor-messages monthly 0.5 2021-11-26 https://images.squarespace-cdn.com/content/v1/603dc7d9cd5ee7681ca00145/1634147729319-4JJANJAH5UFBCYJVSZ1F/Screen+Shot+2021-10-13+at+10.54.24+AM.png Security Disclosures - RocketChat - Monitor User Messages - Make it stand out Whatever it is, the way you tell your story online can make all the difference. https://images.squarespace-cdn.com/content/v1/603dc7d9cd5ee7681ca00145/1634146619396-F6BNEFA55M8CPUHD5ARD/Screen+Shot+2021-10-13+at+10.35.39+AM.png Security Disclosures - RocketChat - Monitor User Messages - User ID validation This specific method took two parameters: rid and userID. The userID passed into the function is provided by the user rather than through the Meteor.user() session controller. Once called, the function checked if the userID was null or undefined. After the validation, it would then pull the user information. https://images.squarespace-cdn.com/content/v1/603dc7d9cd5ee7681ca00145/1634146917424-MAEFD2ZV3WOTTSS3G97F/Screen+Shot+2021-10-13+at+10.40.36+AM.png Security Disclosures - RocketChat - Monitor User Messages - Room and Access validation Next, the room validation is done by checking: If given rid is null/undefined If the rid is not null, get the room information via findOneByID canAccessRoom authorization check is called https://securifyinc.com/disclosures/tag/rocketchat monthly 0.5 https://securifyinc.com/disclosures/tag/nuclei-templates monthly 0.5 https://securifyinc.com/disclosures/tag/sev%3Acritical monthly 0.5 https://securifyinc.com/disclosures/tag/exploit monthly 0.5 https://securifyinc.com/disclosures/tag/exploits monthly 0.5 https://securifyinc.com/home daily 1.0 2021-11-26