Description
The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restrictions and read messages from arbitrary Chat Rooms via unspecified vectors.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2627478
Patch x_refsource_confirm
https://www.drupal.org/node/2627428
Scores
EPSS
0.0123
EPSS Percentile
65.4%
Details
CWE
CWE-200
Status
published
Products (2)
chat_room_project/chat_room
7.x-2.0
chat_room_project/chat_room
7.x-2.1
Published
Dec 17, 2015
Tracked Since
Feb 18, 2026