CNNVD-202601-2393 Information

CNNVD ID

CNNVD-202601-2393

Related CVE

CVE-2026-23477

• CNNVD Published: 2026-01-14

Description (Chinese)

Rocket.Chat是Rocket.Chat公司的一个聊天软件。 Rocket.Chat 6.12.0及之前版本存在安全漏洞，该漏洞源于API端点GET /api/v1/oauth-apps.get向任何经过身份验证的用户暴露，可能导致敏感信息泄露。

Description (English)

Rocket.Chat is a chat software for Rocket.Chat. Rocket.Chat 6.11.2.0 and previous versions contain a security loophole that originates from the exposure of the API endpoint GET /api/v1/oauth-apps.get to any identified user and may lead to the disclosure of sensitive information.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Rocket.Chat

Published

2026-01-14

Last Modified

2026-02-24

References

https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-g4wm-fg3c-g4p2 https://access.redhat.com/security/cve/cve-2026-23477

Patch

https://github.com/RocketChat/Rocket.Chat/releases