Rabbitmq Server Security Vulnerabilities and Issues — Rabbitmq Server CVE List

Lucene search

RabbitmqRabbitmq Server

7 matches found

CVE•added 2023/10/25 6:17 p.m.•244 views

CVE-2023-46118

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API ...

4.9CVSS5.1AI score0.00258EPSS

CVE•added 2021/06/28 4:15 p.m.•169 views

CVE-2021-32719

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the rabbitmq_federation_management plugin, its consumer tag was rendered without proper [removed] tag sanitization. This potentially allo...

4.8CVSS5.1AI score0.00078EPSS

CVE•added 2021/06/28 3:15 p.m.•147 views

CVE-2021-32718

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper [removed] tag sanitization, potentially allowing for JavaScript code execution in...

5.4CVSS5.1AI score0.00072EPSS

CVE•added 2022/10/06 6:16 p.m.•146 views

CVE-2022-31008

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions re...

7.5CVSS6.1AI score0.0005EPSS

CVE•added 2024/11/06 8:15 p.m.•104 views

CVE-2024-51988

RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HTTP...

6.5CVSS6.3AI score0.00078EPSS

CVE•added 2025/03/25 11:15 p.m.•84 views

CVE-2025-30219

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable (with other on disk file modifications) can lead to arbitrary JavaScript code execution in the browsers of manage...

6.1CVSS6.7AI score0.00159EPSS

CVE•added 2025/06/19 5:15 p.m.•12 views

CVE-2025-50200

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which s...

6.7CVSS6.6AI score0.00021EPSS