Unrated severity · NVD Advisory · Published Jun 16, 2023 · Updated Mar 30, 2025

CVE-2023-35789

Description

An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

RabbitMQ C client library exposes credentials via command line, enabling local attackers to view them via process listing.

Vulnerability

The vulnerability exists in the RabbitMQ C client library (rabbitmq-c) through version 0.13.0. The command-line tools amqp-publish and amqp-consume accept credentials (username/password) as command-line arguments or as part of a URL passed with --url. This makes credentials visible to any local user who can list running processes and their arguments [1][2].

Exploitation

An attacker with local access to the system can use standard process listing tools (e.g., ps) to view the command line of the running tool, revealing the credentials in plain text. No authentication or special privileges are required beyond local user access.

Impact

Successful exploitation allows the attacker to obtain the RabbitMQ credentials, enabling unauthorized access to the message broker. This could lead to information disclosure, message manipulation, or denial of service depending on the broker's configuration.

Mitigation

As of the advisory, no official patched version has been released. A proposed fix is available in pull request #781, which adds an option to read credentials from a file or pipe [1]. Until a fix is integrated, users should avoid passing credentials on the command line and instead use environment variables or other secure configuration methods. CVE-2023-35789 is not listed in CISA's Known Exploited Vulnerabilities catalog.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
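
To find affected invocations on your own hosts, the following added example (not part of the advisory or of rabbitmq-c) audits process argument vectors for amqp-publish and amqp-consume carrying a password, and masks the secret in what it reports. The `--password` flag name, the helper names and the sample argv are assumptions made for illustration; only `--url` and the tool names come from the advisory text.

```python
import os
from urllib.parse import urlsplit

TOOLS = {"amqp-publish", "amqp-consume"}   # tool names from the advisory
FLAGS = ("--url", "--password")            # --password is an assumed flag name
MASK = "<redacted>"
# Constructed sample argv (not from the advisory) for trying audit_argv offline.
SAMPLE = ["amqp-publish", "--url", "amqp://guest:s3cret@broker.example/vh"]

def _mask_url(url):  # returns None when the URL carries no password
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.password is None:
        return None
    userinfo, _, hostport = parts.netloc.rpartition("@")
    return parts._replace(netloc=f"{userinfo.split(':', 1)[0]}:{MASK}@{hostport}").geturl()

def audit_argv(argv):
    """Return (reasons, redacted_argv) for one process argument vector."""
    if not argv or os.path.basename(argv[0]) not in TOOLS:
        return [], list(argv)
    reasons, redacted, args = [], [], iter(argv)
    for arg in args:
        flag, eq, value = arg.partition("=")
        if flag not in FLAGS:
            redacted.append(arg)
            continue
        if not eq:                         # "--flag VALUE" form: value is the next arg
            value = next(args, "")
        masked = MASK if flag == "--password" else _mask_url(value)
        if masked is not None:
            reasons.append(f"credential in {flag}")
        redacted.append(f"{flag}={value if masked is None else masked}")
    return reasons, redacted

def scan_proc(proc="/proc"):
    """Audit every process visible in Linux /proc; return [(pid, reasons, argv)]."""
    findings = []
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/cmdline", "rb") as fh:
                argv = fh.read().rstrip(b"\0").decode(errors="replace").split("\0")
        except OSError:                    # process exited or access denied
            continue
        reasons, redacted = audit_argv(argv)
        if reasons:
            findings.append((int(pid), reasons, redacted))
    return findings
```

On a default Linux `/proc` mount, `scan_proc()` needs no elevated privileges to read other users' command lines, so anything it returns is visible to every local account.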

Affected products

21

Patches

0

No patches discovered yet.

References

2
