CVE-2022-32217
23.09.2022, 19:15
A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs.Enginsight
| Vendor | Product | Version |
|---|---|---|
| rocket.chat | rocket.chat | 𝑥 < 4.6.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-312 - Cleartext Storage of Sensitive InformationThe product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
- CWE-532 - Insertion of Sensitive Information into Log FileInformation written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.