CVE-2024-46936

{"id": "CVE-2024-46936", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-09-25T01:15:44.700", "references": [{"url": "https://docs.rocket.chat/docs/rocketchat-security-fixes-updates-and-advisories", "source": "cve@mitre.org"}, {"url": "https://github.com/RocketChat/Rocket.Chat/pull/33246", "source": "cve@mitre.org"}], "vulnStatus": "Deferred", "descriptions": [{"lang": "en", "value": "Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose."}, {"lang": "es", "value": "Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8 y versiones anteriores es vulnerable a un problema de falsificaci\u00f3n o suplantaci\u00f3n de identidad de mensajes. Los atacantes pueden abusar del m\u00e9todo UpdateOTRAck para enviar mensajes ef\u00edmeros como si fueran cualquier otro usuario que elijan."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cve@mitre.org"}