{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T08:02:34.044","vulnerabilities":[{"cve":{"id":"CVE-2026-23477","sourceIdentifier":"security-advisories@github.com","published":"2026-01-14T19:16:47.990","lastModified":"2026-06-17T10:21:39.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long as the user knows its ID, including potentially sensitive fields such as client_id and client_secret. This vulnerability is fixed in 6.12.0."},{"lang":"es","value":"Rocket.Chat es una plataforma de comunicaciones de código abierto, segura y totalmente personalizable. En las versiones de Rocket.Chat hasta la 6.12.0, el endpoint de la API GET /api/v1/oauth-apps.get está expuesto a cualquier usuario autenticado, independientemente de su rol o permisos. Este endpoint devuelve una aplicación OAuth, siempre que el usuario conozca su ID, incluyendo campos potencialmente sensibles como client_id y client_secret. Esta vulnerabilidad está corregida en la 6.12.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"RocketChat","product":"Rocket.Chat","versions":[{"version":"< 6.12.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-14T21:13:59.771321Z","id":"CVE-2026-23477","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"},{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.0","matchCriteriaId":"BDDC551C-B721-4452-91D8-D53E1316D806"}]}]}],"references":[{"url":"https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-g4wm-fg3c-g4p2","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]}]}}]}