RabbitMQ prior to 3.4.0 allows remote malicious users to bypass the loopback_users restriction via a crafted X-Forwareded-For header.
pivotal software rabbitmq