CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.001 Low
Percentile: 45.0%

RabbitMQ is a multi-protocol messaging and streaming broker. In affected
versions the shovel and federation plugins perform URI obfuscation in their
worker (link) state. The encryption key used to encrypt the URI was seeded
with a predictable secret. This means that in case of certain exceptions
related to Shovel and Federation plugins, data that is reasonably easy to
deobfuscate could appear in the node log. Patched versions correctly use a
cluster-wide secret for that purpose. This issue has been addressed, and
patched versions 3.10.2, 3.9.18, and 3.8.32 are available. Users unable
to upgrade should disable the Shovel and Federation plugins.
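
A triage helper for the guidance above, written for this page as an added example (it is not RabbitMQ project code): it classifies a node's version against the three patched releases and reports whether the plugin workaround is in place. The function names and verdict strings are hypothetical, and the handling of release series the advisory does not name is an assumption marked in the comments.

```shell
#!/bin/sh
# Added example. Patched releases named in the advisory, one per series.
PATCHED="3.10.2 3.9.18 3.8.32"
NEWEST_PATCHED="3.10.2"

# Print a comparable integer for MAJOR.MINOR.PATCH (assumes each field < 1000).
version_num() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
}

# Print patched | upgrade | no-fix-listed | invalid for a version string.
# Pre-release or suffixed versions are "invalid" so they get a manual look.
classify_version() {
    v=$1
    case $v in
        *[!0-9.]*|*.*.*.*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) echo invalid; return 0 ;;
        *.*.*) ;;
        *) echo invalid; return 0 ;;
    esac
    for p in $PATCHED; do
        if [ "${v%.*}" = "${p%.*}" ]; then      # same MAJOR.MINOR series
            if [ "$(version_num "$v")" -ge "$(version_num "$p")" ]; then
                echo patched; else echo upgrade; fi
            return 0
        fi
    done
    # Assumption: series newer than the newest patched release carry the fix;
    # for older series the advisory names no patched release.
    if [ "$(version_num "$v")" -gt "$(version_num "$NEWEST_PATCHED")" ]; then
        echo patched; else echo no-fix-listed; fi
}

# triage VERSION "ENABLED PLUGINS": print ok | mitigated | exposed | review.
triage() {
    case "$(classify_version "$1")" in
        patched) echo ok; return 0 ;;
        invalid) echo review; return 0 ;;
    esac
    for plugin in $2; do
        case $plugin in
            rabbitmq_shovel*|rabbitmq_federation*) echo exposed; return 0 ;;
        esac
    done
    echo mitigated    # the advisory's workaround: both plugins disabled
}

# Constructed sample: an unpatched 3.9.17 node with the shovel plugin enabled.
triage 3.9.17 "rabbitmq_management rabbitmq_shovel"
```

The plugin list for a real node can be taken from `rabbitmq-plugins list -e -m`.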