Rocket.Chat · Rocket.Chat · CVE-2026-23477
**Name of the Vulnerable Software and Affected Versions**
Rocket.Chat versions prior to 6.12.0
**Description**
Rocket.Chat is a communications platform. Versions up to 6.12.0 have an issue where the API endpoint `/api/v1/oauth-apps.get` is accessible to any authenticated user, irrespective of their role or permissions: the endpoint authenticates the caller but performs no authorization check. This allows any authenticated user who knows the application ID to retrieve OAuth application details, including potentially sensitive information such as the `client id` and `client secret`.
**Recommendations**
Update to version 6.12.0 or later.
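The missing check, shown as an added JavaScript example that is not Rocket.Chat's code: the vulnerable handler pattern gates only on authentication, while the hardened one also requires a management permission before returning the record. The permission name `manage-oauth-apps`, the sample app record and the sample users are assumptions constructed for the example.

```javascript
// Added example (not Rocket.Chat code). Constructed sample data: one OAuth
// app record and two authenticated users with different permission sets.
const OAUTH_APPS = {
  'app-1': { _id: 'app-1', name: 'CI bot', clientId: 'ci-bot', clientSecret: 's3cr3t-example' },
};
const USERS = {
  admin: { _id: 'admin', permissions: ['manage-oauth-apps'] }, // assumed permission name
  member: { _id: 'member', permissions: [] },
};

// Minimal permission check against the user's assigned permissions.
function hasPermission(user, permission) {
  return Array.isArray(user.permissions) && user.permissions.includes(permission);
}

// Vulnerable pattern: authentication is the only gate. Any logged-in user who
// knows the app id receives the full record, client secret included.
function getOAuthAppVulnerable(user, appId) {
  if (!user) throw new Error('unauthorized'); // 401: not logged in
  const app = OAUTH_APPS[appId];
  if (!app) throw new Error('not found');
  return app;
}

// Hardened pattern: authentication AND authorization. The record is returned
// only to callers holding the management permission; everyone else gets a
// 403-style error and never sees the secret.
function getOAuthAppHardened(user, appId) {
  if (!user) throw new Error('unauthorized'); // 401: not logged in
  if (!hasPermission(user, 'manage-oauth-apps')) {
    throw new Error('forbidden'); // 403: authenticated but not authorized
  }
  const app = OAUTH_APPS[appId];
  if (!app) throw new Error('not found');
  return app;
}
```

Running the two functions with the `member` user shows the difference: the vulnerable handler hands back the client secret, the hardened one refuses before the lookup.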