CVE-2026-32994
Authenticated Message Content Exposure in Rocket.Chat API
Publication date: 2026-05-19
Last updated on: 2026-05-19
Assigner: HackerOne
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the /api/v1/autotranslate.translateMessage endpoint of Rocket.Chat in versions prior to 8.5.0 and in other specified versions. Any authenticated user can retrieve the full content of any message in any room, including private groups, direct messages, and channels, simply by supplying the target message ID.
The endpoint fetches the message with Messages.findOneById(messageId) and never calls canAccessRoomIdAsync, so it never checks whether the caller is allowed to read the room the message belongs to. The complete IMessage object is therefore returned, including the message text, sender information, room ID, timestamps, and markdown content. This is the missing-authorization pattern described by CWE-284: being authenticated is treated as sufficient to read an object selected by a caller-supplied ID, and the only thing an attacker needs is a valid message ID.
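The following TypeScript model is an added illustration of the handler shape described above, showing the message lookup with the room-access check absent and then present. It is not Rocket.Chat's source: the in-memory store, the room and message fixtures, and the function names findMessageById and canAccessRoomId are assumptions standing in for the real Messages.findOneById and canAccessRoomIdAsync (the real access check is asynchronous; it is kept synchronous here for brevity).

```typescript
// Illustrative model of the missing-authorization bug, not Rocket.Chat code.
// Store, fixtures and function names are assumptions made for this example.

type RoomType = "c" | "p" | "d"; // channel, private group, direct message

interface IRoom {
  _id: string;
  t: RoomType;
  members: string[]; // user ids with access (assumed representation)
}

interface IMessage {
  _id: string;
  rid: string; // room id
  msg: string;
  u: { _id: string; username: string };
  ts: Date;
}

// Constructed fixtures: one public channel and one direct message between alice and bob.
const rooms: Record<string, IRoom> = {
  GENERAL: { _id: "GENERAL", t: "c", members: ["alice", "bob", "mallory"] },
  dmAB: { _id: "dmAB", t: "d", members: ["alice", "bob"] },
};

const messages: Record<string, IMessage> = {
  m1: { _id: "m1", rid: "GENERAL", msg: "welcome everyone",
        u: { _id: "alice", username: "alice" }, ts: new Date("2026-05-01T10:00:00Z") },
  m2: { _id: "m2", rid: "dmAB", msg: "the staging password is hunter2",
        u: { _id: "bob", username: "bob" }, ts: new Date("2026-05-01T10:05:00Z") },
};

// Stand-in for Messages.findOneById: a bare primary-key lookup that knows nothing about the caller.
function findMessageById(messageId: string): IMessage | undefined {
  return messages[messageId];
}

// Stand-in for canAccessRoomIdAsync: public channels are readable by any authenticated
// user; private groups and direct messages only by their members.
function canAccessRoomId(rid: string, userId: string): boolean {
  const room = rooms[rid];
  if (!room) return false;
  if (room.t === "c") return true;
  return room.members.includes(userId);
}

// Vulnerable shape: the caller is authenticated (userId is known), but the message is
// fetched and returned purely by id. mallory can read alice and bob's direct message.
function translateMessageVulnerable(userId: string, messageId: string): IMessage {
  const message = findMessageById(messageId);
  if (!message) throw new Error("Message not found");
  // ... translation would happen here; the full IMessage is returned regardless of rid
  return message;
}

// Hardened shape: resolve the room from the message and check the caller's access to it
// before anything about the message leaves the server. The same "not found" error is
// used for a denied id and a nonexistent one, so the endpoint is not an oracle for
// which message ids exist.
function translateMessageFixed(userId: string, messageId: string): IMessage {
  const message = findMessageById(messageId);
  if (!message || !canAccessRoomId(message.rid, userId)) {
    throw new Error("Message not found");
  }
  return message;
}

// Returns true when the given user is refused the message by the hardened handler.
function isDenied(userId: string, messageId: string): boolean {
  try {
    translateMessageFixed(userId, messageId);
    return false;
  } catch (e) {
    return true;
  }
}
```

The point of the fixed version is where the check sits: the room is derived from the fetched message, not from a caller-supplied room parameter, so the attacker cannot pass a room they do belong to alongside a message ID from one they do not.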
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive information because any authenticated user can access the full content of messages from any room, including private and direct messages.
- Exposure of private communications and sensitive data.
- Potential privacy violations for users whose messages are accessed without permission.
- Loss of trust in the confidentiality of the messaging platform.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows any authenticated user to retrieve the full content of any message from any room, including private groups and direct messages, without proper access checks.
Such unauthorized access to private and potentially sensitive message content could lead to violations of data privacy and protection regulations such as GDPR and HIPAA, which require strict controls on access to personal and sensitive information.
Therefore, this vulnerability poses a risk to compliance with these common standards by potentially exposing confidential communication data to unauthorized users.