In Rocket.Chat versions 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier, a low-severity vulnerability, CVE-2024-46936, was detected. Rocket.Chat is vulnerable to message forgery, allowing attackers to impersonate other users and send fake messages. To fix this problem, users should upgrade to version 6.13.0 or 6.12.1, or to the backported versions 6.11.3, 6.10.6, 6.9.7, 6.8.7, and 6.7.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-46936.
Rocket.Chat: Risk of Message Forgery via UpdateOTRAck Method
by the Hossted team
27.09.2024
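The advisory lists seven fixed releases across six maintenance branches, so deciding whether a given deployment is patched is not a single comparison. The script below is an added example, written for this page and not code from Hossted or the Rocket.Chat project. It assumes Rocket.Chat version strings follow MAJOR.MINOR.PATCH (pre-release suffixes are rejected rather than guessed at), encodes the fixed versions exactly as the advisory states them, treats every branch before 6.7 as affected with no backported fix available, and treats 6.13.0 and anything newer as fixed. The inventory it audits is constructed sample data.

```python
"""Check whether a Rocket.Chat version is affected by CVE-2024-46936.

Fixed releases, taken from the advisory: 6.13.0, 6.12.1 and the backports
6.11.3, 6.10.6, 6.9.7, 6.8.7 and 6.7.9. Earlier releases in those branches,
and every release before the 6.7 branch, are treated as affected.
Example code; not part of Rocket.Chat or the advisory.
"""
import re
from typing import Dict, Iterable, Tuple

Version = Tuple[int, int, int]

# First fixed release per affected minor branch (values from the advisory).
FIXED_BY_BRANCH: Dict[Tuple[int, int], Version] = {
    (6, 7): (6, 7, 9),
    (6, 8): (6, 8, 7),
    (6, 9): (6, 9, 7),
    (6, 10): (6, 10, 6),
    (6, 11): (6, 11, 3),
    (6, 12): (6, 12, 1),
}
# This release and everything newer carries the fix without a backport.
FIRST_FIXED_RELEASE: Version = (6, 13, 0)

# Assumption: plain MAJOR.MINOR.PATCH only; pre-release tags are not classified.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH' into a comparable tuple; reject anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Rocket.Chat version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def format_version(v: Version) -> str:
    """Render a version tuple back to 'MAJOR.MINOR.PATCH'."""
    return ".".join(str(part) for part in v)


def is_fixed(version: str) -> bool:
    """True when the release contains the fix for CVE-2024-46936."""
    v = parse_version(version)
    if v >= FIRST_FIXED_RELEASE:
        return True
    branch_fix = FIXED_BY_BRANCH.get(v[:2])
    if branch_fix is None:
        return False  # branch older than 6.7: no backported fix exists
    return v >= branch_fix


def recommended_upgrade(version: str) -> Version:
    """Smallest fixed release on the installed branch, or 6.13.0 if none."""
    v = parse_version(version)
    if v >= FIRST_FIXED_RELEASE:
        return v  # already fixed; nothing to do
    return FIXED_BY_BRANCH.get(v[:2], FIRST_FIXED_RELEASE)


def audit(versions: Iterable[str]) -> Dict[str, Tuple[bool, str]]:
    """Map each version string to (fixed?, recommended release) for reporting."""
    return {s: (is_fixed(s), format_version(recommended_upgrade(s))) for s in versions}


if __name__ == "__main__":
    # Constructed inventory of hypothetical deployments, not real hosts.
    inventory = ["6.12.0", "6.12.1", "6.11.2", "6.9.7", "6.6.4", "7.0.0"]
    for ver, (fixed, target) in audit(inventory).items():
        status = "fixed" if fixed else f"AFFECTED, upgrade to {target}"
        print(f"{ver:>8}: {status}")
```

Each affected entry reports the nearest fixed release on its own branch, which is usually the least disruptive upgrade; deployments older than 6.7 get 6.13.0 because the advisory lists no backport for them.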