From 047a7231a320cbd84590e5465b55845211fbc445 Mon Sep 17 00:00:00 2001
From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com>
Date: Wed, 1 Jun 2022 13:44:10 +0200
Subject: [PATCH 1/2] add ref + rem

---
 vulnerabilities/rocketchat/unauth-message-read.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/vulnerabilities/rocketchat/unauth-message-read.yaml b/vulnerabilities/rocketchat/unauth-message-read.yaml
index 5ec32d7a37..b0e7c0899f 100644
--- a/vulnerabilities/rocketchat/unauth-message-read.yaml
+++ b/vulnerabilities/rocketchat/unauth-message-read.yaml
@@ -7,6 +7,8 @@ info:
 description: An issue with the Live Chat accepting invalid parameters could potentially allow unauthenticated access to messages and user tokens.
 reference:
 - https://docs.rocket.chat/guides/security/security-updates 
+ - https://securifyinc.com/disclosures/rocketchat-unauthenticated-access-to-messages 
+ remediation: Fixed on 3.11, 3.10.5, 3.9.7, 3.8.8.
 tags: rocketchat,unauth

 requests:

From 85050febf79b4971c3b8077286559b350a61b6f4 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Wed, 1 Jun 2022 18:51:48 +0530
Subject: [PATCH 2/2] Update unauth-message-read.yaml

---
 .../rocketchat/unauth-message-read.yaml | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/vulnerabilities/rocketchat/unauth-message-read.yaml b/vulnerabilities/rocketchat/unauth-message-read.yaml
index b0e7c0899f..160dee7565 100644
--- a/vulnerabilities/rocketchat/unauth-message-read.yaml
+++ b/vulnerabilities/rocketchat/unauth-message-read.yaml
@@ -4,11 +4,13 @@ info:
 name: RocketChat Unauthenticated Read Access
 author: rojanrijal
 severity: critical 
- description: An issue with the Live Chat accepting invalid parameters could potentially allow unauthenticated access to messages and user tokens. 
+ description: | 
+ An issue with the Live Chat accepting invalid parameters could potentially allow unauthenticated access to messages and user tokens.
 reference:
 - https://docs.rocket.chat/guides/security/security-updates
 - https://securifyinc.com/disclosures/rocketchat-unauthenticated-access-to-messages 
- remediation: Fixed on 3.11, 3.10.5, 3.9.7, 3.8.8. 
+ remediation: | 
+ Fixed on 3.11, 3.10.5, 3.9.7, 3.8.8.
 tags: rocketchat,unauth

 requests:
@@ -32,12 +34,14 @@ requests:
 matchers-condition: and
 matchers: 
- - type: status 
- status: 
- - 200 
+ - type: word 
+ part: body
 words:
 - '"{\"msg\":\"result\",\"result\":{\"messages\"'
 - '"success":true' 
- part: body
 condition: and 
+ 
+ - type: status 
+ status: 
+ - 200
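Review bot: The re-added `remediation` body still reads `Fixed on 3.11, 3.10.5, 3.9.7, 3.8.8.`, which lists the patch releases without saying that later releases on each branch are also fixed or telling the operator what to do, so someone running 3.10.6 or 4.x cannot tell from the template whether they are exposed. If the linked advisory confirms these are the first patched releases of each branch, phrasing it as an action is clearer: `remediation: |` followed by `  Upgrade to Rocket.Chat 3.11 or later, or to the backported fix releases 3.10.5, 3.9.7 or 3.8.8.`. Both `description` and `remediation` now use `|`, which keeps a trailing newline in the value; `|-` avoids it, though other templates in this repository may use `|` by convention, so keep whichever the repository already standardises on.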