Lucene search

Veracode Vulnerability DatabaseVERACODE:37446

HistoryOct 09, 2022 - 12:42 a.m.

Information Disclosure

2022-10-0900:42:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

rabbitmq-server

vulnerability

information disclosure

encryption keys

shovel plugin

federation plugin

attackers

sensitive information

0.001 Low

EPSS

Percentile

45.0%

JSON

rabbitmq-server is vulnerable to information disclosure. The vulnerability is due to a lack of validated encryption keys in shovel and federation plugins which allows attackers to obtain sensitive information.

CPENameOperatorVersion
rabbitmq-server:sideq3.8.9-1
rabbitmq-server:bookwormeq3.8.9-3
rabbitmq-server:sideq3.8.9-1
rabbitmq-server:bookwormeq3.8.9-3

Name	Operator	Version
rabbitmq-server:sid	eq	3.8.9-1
rabbitmq-server:bookworm	eq	3.8.9-3
rabbitmq-server:sid	eq	3.8.9-1
rabbitmq-server:bookworm	eq	3.8.9-3

References

github.com/rabbitmq/rabbitmq-server/pull/4841

github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-v9gv-xp36-jgj8

security-tracker.debian.org/tracker/CVE-2022-31008

www.cve.org/CVERecord?id=CVE-2022-31008

0.001 Low

EPSS

Percentile

45.0%

JSON

Related for VERACODE:37446