CVE-2023-28317
09.05.2023, 22:15
A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order.Enginsight
| Vendor | Product | Version |
|---|---|---|
| rocket.chat | rocket.chat | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-285 - Improper AuthorizationThe software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
- CWE-494 - Download of Code Without Integrity CheckThe product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.