Published: 16/06/2023 Updated: 26/06/2023

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 0

An issue exists in the C AMQP client library (aka rabbitmq-c) up to and including 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.

Vulnerable Product	Search on Vulmon	Subscribe to Product
rabbitmq-c project rabbitmq-c

Synopsis Moderate: librabbitmq security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for librabbitmq is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as hav ...

Synopsis Moderate: librabbitmq security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for librabbitmq is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as hav ...

DescriptionThe MITRE CVE dictionary describes this issue as: An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0130 for RabbitMQ Credentials can only be entered on the command line (eg, for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments ...

Critical Infrastructure Sectors: Critical Manufacturing

CWE-522 https://github.com/alanxz/rabbitmq-c/issues/575 https://github.com/alanxz/rabbitmq-c/pull/781 https://access.redhat.com/errata/RHSA-2023:6482 https://nvd.nist.gov https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11 https://access.redhat.com/security/cve/cve-2023-35789

CVE-2023-35789

Vulnerability Summary

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect