Rabbitmq Rabbitmq-Server vulnerabilities
7 known vulnerabilities affecting rabbitmq/rabbitmq-server.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 6

Vulnerabilities
CVE-2025-50200 | MEDIUM | CVSS 6.7 | affected: <= 3.13.7 | published 2025-06-19
[MEDIUM] CWE-532
RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying the RabbitMQ API over HTTP/S with basic authentication, it creates logs with all headers in the request, including authorization headers, which show the base64-encoded username:password. This is easy t
Sources: cvelistv5, nvd
CVE-2025-30219 | MEDIUM | CVSS 6.1 | fixed in 4.0.3 | published 2025-03-25
[MEDIUM] CWE-79
RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify a virtual host name on disk and then make it unrecoverable (with other on-disk file modifications), which can lead to arbitrary JavaScript code execution in the browsers of management UI users. When a virtual host on a RabbitMQ node
Sources: cvelistv5, nvd
CVE-2024-51988 | MEDIUM | CVSS 6.5 | affected: Open source RabbitMQ >= 3.12.7, < 3.12.11; Tanzu RabbitMQ >= 2.0.0, < 3.13.0 (+1 more) | published 2024-11-06
[MEDIUM] CWE-284
RabbitMQ is a feature-rich, multi-protocol messaging and streaming broker. In affected versions, queue deletion via the HTTP API was not verifying the `configure` permission of the user. Users who had all of the following: 1. valid credentials, 2. some permissions for the target virtual host, and 3. HTTP API access could delete queues it had no (deleti
Sources: cvelistv5, nvd
CVE-2023-46118 | MEDIUM | CVSS 4.9 | fixed in 3.12.7, 3.11.24 | published 2023-10-25
[MEDIUM] CWE-400
RabbitMQ is a multi-protocol messaging and streaming broker. The HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large message over the HTTP API and cause the target node to be terminated by an "out-of
Sources: cvelistv5, nvd
CVE-2022-31008 | HIGH | CVSS 7.5 | fixed in 3.8.32; affected: >= 3.9.0, < 3.9.18 (+1 more) | published 2022-10-06
[MEDIUM] CWE-330
RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions, the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to the Shovel and Federation plugins, reasonably e
Sources: cvelistv5, nvd
CVE-2021-32719 | MEDIUM | CVSS 4.8 | fixed in 3.8.18 | published 2021-06-28
[LOW] CWE-80
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The
Sources: cvelistv5, nvd
CVE-2021-32718 | MEDIUM | CVSS 5.4 | fixed in 3.8.17 | published 2021-06-28
[LOW] CWE-80
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via the management UI could lead to the user's name being rendered in a confirmation message without proper `` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user
Sources: cvelistv5, nvd