CVE-2022-32227 in Rocket.Chat

Summary

by MITRE • 09/23/2022

A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to OAuth tokens; by having the permission "view-full-other-user-info", this could cause an OAuth token leak in the product.


Analysis

by VulDB Data Team • 05/23/2025

The vulnerability identified as CVE-2022-32227 represents a critical security flaw in Rocket.Chat versions prior to v5, v4.8.2, and v4.7.5 that exposes sensitive authentication data through cleartext transmission. This issue specifically affects systems where users possess the permission "view-full-other-user-info" which grants them elevated access to user information. The flaw manifests when OAuth tokens are transmitted without encryption, creating a significant risk for organizations relying on Rocket.Chat for secure communications and collaboration. The vulnerability falls under the category of insecure data transmission and directly violates fundamental security principles regarding the protection of sensitive information during network communication.

Technically, the vulnerability stems from the application's failure to protect OAuth tokens when they are transmitted between the Rocket.Chat server and external OAuth providers. When users with the "view-full-other-user-info" permission access certain endpoints, the system returns OAuth token information in plaintext rather than through secure encrypted channels. This cleartext transmission exposes authentication credentials to interception by malicious actors positioned within the network or capable of performing man-in-the-middle attacks. The vulnerability is particularly concerning because OAuth tokens serve as critical authentication mechanisms that, if compromised, could allow unauthorized access to user accounts and associated data across integrated services.

The operational impact of CVE-2022-32227 extends beyond immediate credential theft to encompass broader security implications for organizations using Rocket.Chat. Attackers who intercept these cleartext OAuth tokens can potentially gain unauthorized access to user accounts, access sensitive communications, and escalate privileges within the system. The vulnerability affects not only individual user accounts but also organizational data integrity and confidentiality, particularly in environments where Rocket.Chat integrates with enterprise identity management systems. This flaw creates opportunities for lateral movement within networks and could facilitate more extensive breaches when combined with other vulnerabilities. The risk is amplified by the fact that the affected permission level "view-full-other-user-info" is typically granted to administrators or users with elevated privileges, making the potential impact even more severe.

Organizations should implement immediate mitigations including updating to supported Rocket.Chat versions that address this vulnerability, enforcing mandatory encryption for all data transmission, and reviewing user permissions to minimize the scope of users with "view-full-other-user-info" access. Network monitoring should be enhanced to detect anomalous data transmission patterns that might indicate token interception attempts. The vulnerability aligns with CWE-319, which specifically addresses cleartext transmission of sensitive information, and represents a violation of the principle of least privilege as outlined in cybersecurity frameworks. From an ATT&CK perspective, this vulnerability enables techniques such as credential access through network sniffing and privilege escalation via compromised authentication tokens, making it a significant concern for defensive security operations and incident response planning.
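To make the two mitigations above concrete, here is an added defender-side example (not code from the VulDB page or from Rocket.Chat): it decides whether a given Rocket.Chat version string predates the fixed releases named on this page (5.0.0, and the 4.8.2 and 4.7.5 backports), and it lists which roles hold "view-full-other-user-info" in a permissions dump. The dump format is an assumption modelled on the shape of Rocket.Chat's `permissions.listAll` REST response, and the sample data is constructed.

```python
"""Added example: version check and permission audit for CVE-2022-32227."""
import json
import re

# Fixed releases named on the page: 5.0.0, plus backports 4.8.2 and 4.7.5.
FIXED = [(5, 0, 0), (4, 8, 2), (4, 7, 5)]
SENSITIVE_PERMISSION = "view-full-other-user-info"


def parse_version(version: str) -> tuple:
    """Turn 'v4.8.1' or '4.8.1-rc.0' into (4, 8, 1); pre-release tags are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version)]
    if len(nums) < 2:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = (nums + [0, 0])[:3]  # pad a missing patch component with 0
    return tuple(nums)


def is_vulnerable(version: str) -> bool:
    """True when the version is below 5.0.0 and not on a patched 4.x branch."""
    major, minor, patch = parse_version(version)
    for fmajor, fminor, fpatch in FIXED:
        if (major, minor) == (fmajor, fminor):
            return patch < fpatch  # same maintenance branch: compare patch level
    return major < 5  # any other release below 5 carries no backported fix


# Constructed sample (assumption: shape of a permissions.listAll response).
SAMPLE_PERMISSIONS = json.dumps({
    "update": [
        {"_id": "view-full-other-user-info", "roles": ["admin", "auditor"]},
        {"_id": "view-other-user-channels", "roles": ["admin"]},
    ],
    "remove": [],
    "success": True,
})


def roles_with_permission(listing: str, permission: str = SENSITIVE_PERMISSION) -> list:
    """Return the sorted list of roles granted `permission` in the dump."""
    data = json.loads(listing)
    for entry in data.get("update", []):
        if entry.get("_id") == permission:
            return sorted(entry.get("roles", []))
    return []


if __name__ == "__main__":
    for v in ("4.7.4", "4.7.5", "4.8.1", "4.8.2", "4.6.0", "5.0.0"):
        print(f"{v}: {'VULNERABLE' if is_vulnerable(v) else 'fixed'}")
    print("roles to review:", roles_with_permission(SAMPLE_PERMISSIONS))
```

Any role other than a tightly controlled administrative one appearing in the audit output is a candidate for having the permission removed until the upgrade is complete.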

Reservation

06/01/2022

Disclosure

09/23/2022

Moderation

accepted

CPE

ready

EPSS

0.00456

KEV

no

Activities

very low

Sources
