Lucene search
K
BroadcomRabbitmq Server

25 matches found

CVE
CVE
added 2019/11/22 10:56 p.m.315 views

CVE-2019-11291

CVE-2019-11291 affects Pivotal RabbitMQ: 3.7.x before 3.7.20, 3.8.x before 3.8.1, and RabbitMQ for PCF (1.16.x before 1.16.7, 1.17.x before 1.17.4). The underlying issue is improper sanitization of input in the federation and shovel endpoints, enabling a remote authenticated attacker with adminis...

4.8CVSS4AI score0.00796EPSS
CVE
CVE
added 2019/11/22 11:26 p.m.309 views

CVE-2019-11287

CVE-2019-11287 affects Pivotal RabbitMQ and RabbitMQ for Pivotal Platform web management plugin. Versions 3.7.x before 3.7.21, 3.8.x before 3.8.1, and 1.16.x before 1.16.7 and 1.17.x before 1.17.4 are vulnerable. The vulnerability allows a crafted X-Reason HTTP header to inject a malicious Erlang...

7.5CVSS5.6AI score0.04519EPSS
CVE
CVE
added 2022/10/06 12:0 a.m.175 views

CVE-2022-31008

CVE-2022-31008 affects RabbitMQ where the shovel and federation plugins obfuscate URI state using an encryption key seeded with a predictable secret. This can, under certain plugin-related exceptions, reveal deobfuscatable data in node logs. Patched versions are 3.10.2, 3.9.18, and 3.8.32. If upg...

7.5CVSS6.1AI score0.00307EPSS
CVE
CVE
added 2026/05/27 3:3 p.m.167 views

CVE-2026-44838

RabbitMQ MQTT plugin contains a permission bypass vulnerability: topic-level authorization uses user-supplied client_id substituted into a regex pattern without escaping. From 4.2.0 up to before 4.2.4, an authenticated MQTT user could inject regex operators to bypass topic restrictions. The issue...

8.1CVSS5.8AI score0.0025EPSS
CVE
CVE
added 2016/12/29 9:2 a.m.121 views

CVE-2016-9877

CVE-2016-9877 affects Pivotal RabbitMQ 3.x (before 3.5.8) and 3.6.x (before 3.6.6), and RabbitMQ for PCF 1.5.x (before 1.5.20), 1.6.x (before 1.6.12), and 1.7.x (before 1.7.7). The issue allows MQTT authentication to succeed when a username is provided but the password is omitted from the connect...

9.8CVSS8.5AI score0.01378EPSS
CVE
CVE
added 2025/06/19 4:14 p.m.120 views

CVE-2025-50200

CVE-2025-50200 affects RabbitMQ Server prior to 4.0.8, where the software logs HTTP Basic Auth headers in plaintext (base64-encoded user:pass) from requests to the management API. Affected: RabbitMQ Server versions

6.7CVSS6.6AI score0.00194EPSS
CVE
CVE
added 2017/06/13 6:0 a.m.106 views

CVE-2017-4966

CVE-2017-4966 affects RabbitMQ server and RabbitMQ for PCF. The vulnerability is in the RabbitMQ management UI , which stores signed-in user credentials in the browser’s localStorage with no expiration, enabling retrieval via a chained attack. Affected versions include all 3.4.x, all 3.5.x, and 3...

7.8CVSS7.2AI score0.00394EPSS
CVE
CVE
added 2026/05/27 3:7 p.m.103 views

CVE-2026-44839

RabbitMQ vulnerability (CVE-2026-44839) affects the RabbitMQ server management UI due to unsanitized vhost names, enabling cross-site scripting. Affected versions are 3.7.0 up to but not including 4.1.2 and 4.0.13. The issue is fixed in 4.1.2 and 4.0.13. No exploitation status is provided in the ...

5.6CVSS5.8AI score0.0018EPSS
CVE
CVE
added 2021/05/18 12:47 p.m.98 views

CVE-2021-22117

RabbitMQ on Windows prior to version 3.8.16 is vulnerable: the installer does not harden the plugin directory permissions, so an attacker with sufficient local filesystem access can add arbitrary plugins and potentially achieve code execution on the running server. Affected component is the Windo...

7.8CVSS7.4AI score0.00611EPSS
CVE
CVE
added 2015/01/27 5:0 p.m.85 views

CVE-2014-9649

CVE-2014-9649 is a cross-site scripting (XSS) vulnerability in the RabbitMQ management plugin. The issue occurs in the /api/ path handling during error messages, allowing a remote attacker to inject arbitrary web script or HTML. Affected are RabbitMQ versions from 2.1.0 up to 3.4.x before 3.4.1. ...

4.3CVSS5.6AI score0.02313EPSS
Web
CVE
CVE
added 2017/06/13 6:0 a.m.85 views

CVE-2017-4965

CVE-2017-4965: Several forms in the RabbitMQ management UI are vulnerable to XSS in affected releases (RabbitMQ: 3.4.x, 3.5.x, 3.6.x before 3.6.9; RabbitMQ for PCF: 1.5.x, 1.6.x before 1.6.18, 1.7.x before 1.7.15). Debian DLA-2710 lists this alongside CVEs 4966/4967 with a fix for 3.6.6-1+deb9u1;...

6.1CVSS5.8AI score0.03329EPSS
CVE
CVE
added 2015/01/27 5:0 p.m.81 views

CVE-2014-9650

RabbitMQ server (versions 2.1.0–3.4.x, before 3.4.1) contains a CRLF injection vulnerability in the management plugin. The /api/definitions download parameter can inject arbitrary HTTP headers, enabling HTTP response splitting. This remote issue could expose or affect data in responses; no exploi...

5CVSS6.9AI score0.02622EPSS
Web
CVE
CVE
added 2017/06/13 6:0 a.m.81 views

CVE-2017-4967

CVE-2017-4967 : RabbitMQ and RabbitMQ for PCF have multiple forms in the management UI vulnerable to XSS across 3.4.x, 3.5.x, and 3.6.x prior to 3.6.9 (and related PCF versions). The root cause is unsanitized input in management UI forms, enabling cross-site scripting. Impact is limited to the ma...

6.1CVSS5.9AI score0.01915EPSS
CVE
CVE
added 2020/08/31 3:5 p.m.72 views

CVE-2020-5419

RabbitMQ 3.8.x before 3.8.7 on Windows is vulnerable to a Windows-specific binary planting flaw that enables local arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access can perform a local binary hijack to run code on the system. Remed...

6.7CVSS6.9AI score0.00452EPSS
CVE
CVE
added 4 days ago57 views

CVE-2026-57219

RabbitMQ suffers an unauthenticated disclosure vulnerability in the management API: the obsolete GET /api/auth endpoint can reveal the OAuth 2 client secret on installations configured with management.oauth_client_secret prior to versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6. The issue arises when ...

8.7CVSS6.1AI score0.0033EPSS
CVE
CVE
added 4 days ago51 views

CVE-2026-57221

RabbitMQ vulnerability CVE-2026-57221 affects passive queue.declare and exchange.declare operations in AMQP 0-9-1. Prior to versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6, authenticated users who can connect to a virtual host could enumerate queue and exchange names and read queue message and consum...

5.3CVSS6.1AI score0.00269EPSS
CVE
CVE
added 4 days ago13 views

CVE-2026-57211

CVE-2026-57211 affects RabbitMQ on Windows where the management plugin’s static file handler (rabbit_mgmt_wm_static) can pass URL-encoded backslashes to erl_prim_loader:read_file_info before path validation when multiple management extension plugins are enabled. This leads to outbound DNS and SMB...

10CVSS6.1AI score0.00278EPSS
CVE
CVE
added 4 days ago13 views

CVE-2026-57217

RabbitMQ topic authorization vulnerability (CVE-2026-57217) affects multiple release lines. Before versions 3.13.15, 4.0.21, 4.1.11, and 4.2.6, topic-permission lookup errors during metadata-store failures from Khepri can collapse to undefined, which the internal backend may treat as allow, poten...

7CVSS6.1AI score0.00269EPSS
CVE
CVE
added 4 days ago13 views

CVE-2026-57218

RabbitMQ AMQP 0-9-1 vulnerability (CVE-2026-57218) allows an existing consumer to continue receiving messages after OAuth token expiry or update_secret refresh, due to channel user state changes not triggering reauthorization at delivery time. Root cause: existing consumers are not canceled or re...

6.5CVSS6.1AI score0.00269EPSS
CVE
CVE
added 4 days ago12 views

CVE-2026-57212

CVE-2026-57212 – RabbitMQ management HTTP API oversized request bodies . The issue affects RabbitMQ’s management HTTP API, where oversized valid JSON bodies can be accepted on the with_decode and direct_request paths because read_complete_body checks the accumulated size before the final chunk bu...

7.7CVSS6.1AI score0.00293EPSS
CVE
CVE
added 4 days ago12 views

CVE-2026-57220

RabbitMQ (server) prior to 4.2.6 is vulnerable in the stream listener: during authentication and before Tune negotiation, it does not enforce the configured stream frame-size limit. An unauthenticated remote client can declare oversized frame lengths, potentially exhausting broker memory via rabb...

7.5CVSS6.1AI score0.00429EPSS
CVE
CVE
added 4 days ago11 views

CVE-2026-57215

RabbitMQ vulnerability CVE-2026-57215 affects the broker’s binding logic for amq.rabbitmq.reply-to destinations. Before fixes, volatile direct-reply-to queues could be bound and routed even if not properly checked by Khepri-backed deletion checks, leaving persistent route entries after unbind. Af...

8.8CVSS6.1AI score0.00245EPSS
CVE
CVE
added 4 days ago11 views

CVE-2026-57216

CVE-2026-57216 affects RabbitMQ server prior to versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6. The issue occurs when authentication via AMQP 0-9-1, AMQP 1.0, or Stream Protocol allows a loopback-restricted user (e.g., guest) to connect remotely if traffic is accepted through a trusted PROXY-protoco...

10CVSS6.1AI score0.00341EPSS
CVE
CVE
added 4 days ago10 views

CVE-2026-57213

RabbitMQ’s rabbitmq_federation_management plugin is vulnerable to stored XSS on the Federation Status page because consumer_tag is rendered without HTML escaping. Prior to the fixed releases (3.13.14, 4.0.19, 4.1.10, 4.2.5), a user who can configure a federation upstream or policy could inject co...

5.7CVSS6.2AI score0.00325EPSS
CVE
CVE
added 4 days ago7 views

CVE-2026-57214

This CVE affects RabbitMQ’s management UI prior to version 4.2.5. The vulnerability arises when the management UI renders the x-internal-purpose queue or exchange argument into an HTML title attribute without proper escaping on the Queues and Exchanges pages, enabling stored cross-site scripting ...

7.1CVSS6.2AI score0.00304EPSS