{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23477", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-13T15:47:41.627Z", "datePublished": "2026-01-14T18:16:05.178Z", "dateUpdated": "2026-01-14T21:14:08.081Z"}, "containers": {"cna": {"title": "Rocket.Chat Unauthorized Access to OAuth App Details", "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "lang": "en", "description": "CWE-269: Improper Privilege Management", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-g4wm-fg3c-g4p2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-g4wm-fg3c-g4p2"}], "affected": [{"vendor": "RocketChat", "product": "Rocket.Chat", "versions": [{"version": "< 6.12.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-14T18:16:05.178Z"}, "descriptions": [{"lang": "en", "value": "Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long as the user knows its ID, including potentially sensitive fields such as client_id and client_secret. This vulnerability is fixed in 6.12.0."}], "source": {"advisory": "GHSA-g4wm-fg3c-g4p2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-14T21:13:59.771321Z", "id": "CVE-2026-23477", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-14T21:14:08.081Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23477", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-14T21:13:59.771321Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-14T21:14:04.416Z"}}], "cna": {"title": "Rocket.Chat Unauthorized Access to OAuth App Details", "source": {"advisory": "GHSA-g4wm-fg3c-g4p2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "RocketChat", "product": "Rocket.Chat", "versions": [{"status": "affected", "version": "< 6.12.0"}]}], "references": [{"url": "https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-g4wm-fg3c-g4p2", "name": "https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-g4wm-fg3c-g4p2", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long as the user knows its ID, including potentially sensitive fields such as client_id and client_secret. This vulnerability is fixed in 6.12.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-14T18:16:05.178Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23477", "state": "PUBLISHED", "dateUpdated": "2026-01-14T21:14:08.081Z", "dateReserved": "2026-01-13T15:47:41.627Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-14T18:16:05.178Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDDC551C-B721-4452-91D8-D53E1316D806", "versionEndExcluding": "6.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long as the user knows its ID, including potentially sensitive fields such as client_id and client_secret. This vulnerability is fixed in 6.12.0."}], "id": "CVE-2026-23477", "lastModified": "2026-01-26T18:03:24.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-14T19:16:47.990", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-g4wm-fg3c-g4p2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}, {"lang": "en", "value": "CWE-862"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T19:13:06.032447+00:00", "value": {"mitigation_remediation": ["Update Rocket.Chat to version 6.12.0 or later to remove the vulnerable endpoint", "Restrict access to the /api/v1/oauth-apps.get endpoint by adding role\u2011based permissions or disabling the endpoint for non\u2011admin users", "After applying the patch, review existing OAuth applications, rotate client secrets, and monitor logs for unusual API usage"], "summary": {"action": "Patch immediately", "impact": "Unauthorized disclosure of OAuth client credentials"}, "threat_synthesis": {"affected_systems": "The affected vendor is Rocket.Chat. The product is the Rocket.Chat open\u2011source communications platform. In all releases earlier than 6.12.0 the vulnerable API endpoint is present. Versions newer than 6.12.0 contain the fix.", "description_and_impact": "Rocket.Chat servers running versions 6.12.0 or earlier allow any authenticated user to call GET /api/v1/oauth-apps.get, which returns the OAuth application data for a known application ID. The endpoint exposes sensitive fields such as client_id and client_secret. This flaw permits an attacker to read credentials that are intended to be protected, potentially enabling unauthorized API calls, data leakage, and compromise of the communication platform. The weakness maps to CWE\u2011269 and CWE\u2011862.", "risk_and_exploitability": "The CVSS score of 7.7 indicates a high severity impact. The EPSS value of less than 1\u00a0% suggests that the probability of exploitation is low, but the attack requires only a valid authenticated session and knowledge of an application ID. Based on the description, the ability to enumerate or guess application IDs is inferred; it is not directly stated in the input but is a reasonable deduction. Because the vulnerability is limited to the disclosure of credential information and does not allow arbitrary code execution, it is primarily a confidentiality breach. The issue is not listed in the CISA KEV catalog, so no known active exploits are reported yet."}}}}, "created": "2026-01-15T08:03:21.164036+00:00", "updated": "2026-04-18T19:15:10.616566+00:00", "vendors": ["rocketchat", "rocketchat$PRODUCT$rocket.chat"]}