Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rabbitmq vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-31008
RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of ce...
Vmware Rabbitmq
NA
CVE-2023-46118
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages...
Vmware Rabbitmq
312
VMScore
CVE-2021-32719
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitizat...
Vmware Rabbitmq
312
VMScore
CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing f...
Vmware Rabbitmq
294
VMScore
CVE-2018-1279
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to...
Pivotal Software Rabbitmq
1 Github repository
NA
CVE-2023-24447
A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and previous versions allows malicious users to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.
Jenkins Rabbitmq Consumer
445
VMScore
CVE-2014-9494
RabbitMQ prior to 3.4.0 allows remote malicious users to bypass the loopback_users restriction via a crafted X-Forwareded-For header.
Pivotal Software Rabbitmq
NA
CVE-2023-24448
A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.
Jenkins Rabbitmq Consumer
668
VMScore
CVE-2020-36282
JMS Client for RabbitMQ 1.x prior to 1.15.2 and 2.x prior to 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.
Rabbitmq Jms Client
890
VMScore
CVE-2020-35196
The official rabbitmq docker images prior to 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. System using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote malicious user to achieve root ...
Docker Rabbitmq Docker Image
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »