An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks.
{
"versions": [
{
"introduced": "0"
},
{
"fixed": "3.11.3"
},
{
"introduced": "3.12.0"
},
{
"fixed": "3.12.2"
},
{
"introduced": "0"
},
{
"last_affected": "3.12.3"
},
{
"introduced": "0"
},
{
"last_affected": "3.12.4"
},
{
"introduced": "0"
},
{
"last_affected": "3.12.5"
}
]
}