Unrated severity · NVD Advisory · Published Jun 19, 2025 · Updated Jun 20, 2025
RabbitMQ Node can log Basic Auth header from an HTTP request
CVE-2025-50200
Description
RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ logs Authorization headers in plaintext, i.e. base64-encoded but otherwise unprotected. When the RabbitMQ HTTP API is queried over HTTP or HTTPS with basic authentication, the node writes log entries containing every header of the request, including the Authorization header, which carries the base64-encoded username:password pair. This is trivial to decode, and the recovered credentials could then be used to gain control of the system, depending on what the account is permitted to do. This issue has been patched in version 4.0.8.
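The practical question for an operator running an affected version is whether credentials have already landed in the node's log files, and how to scrub them before the logs are shipped or archived. The following scanner is an added example written for this advisory; it is not RabbitMQ project code. The log line format it runs against is constructed for illustration (the header rendering of a real broker may differ), and the sample credential is a base64 placeholder, not a real account. It flags every line that carries a Basic credential and redacts the token without decoding it.

```python
"""Find and redact leaked HTTP Basic credentials in broker / HTTP-API log lines.

Added example for the advisory above (not RabbitMQ project code). The log
format below is constructed for illustration and is an assumption about how
a request's headers might be rendered; adjust the regex to your own format.
"""
import re
from typing import List, Tuple

# Matches an Authorization header carrying a Basic credential, however the
# logger rendered it: a plain header line ("Authorization: Basic ..."), an
# Erlang-style tuple ({"authorization","Basic ..."}) or a JSON field.
# Group 1 is everything up to the token, group 2 is the base64 token itself.
# The token is only ever replaced, never decoded, by this tool.
BASIC_AUTH_RE = re.compile(
    r'(?i)(authorization["\']?\s*[:,=]\s*["\']?\s*basic\s+)([A-Za-z0-9+/=]+)'
)

REDACTED = "<REDACTED>"


def redact_line(line: str) -> Tuple[str, bool]:
    """Return (redacted_line, found) for a single log line."""
    new_line, count = BASIC_AUTH_RE.subn(lambda m: m.group(1) + REDACTED, line)
    return new_line, count > 0


def scan_log(lines: List[str]) -> Tuple[List[str], List[int]]:
    """Redact every line; also return the 1-based numbers of lines that leaked a credential.

    The hit list is what you would feed into an incident ticket (which files,
    which time range), the redacted lines are what may be retained or shipped.
    """
    redacted: List[str] = []
    hits: List[int] = []
    for number, line in enumerate(lines, start=1):
        new_line, found = redact_line(line)
        redacted.append(new_line)
        if found:
            hits.append(number)
    return redacted, hits


# Constructed sample log (hypothetical format). The base64 token decodes to the
# placeholder "user:placeholder" and does not correspond to any real account.
SAMPLE_LOG = [
    '2025-06-19 10:00:01.000 [debug] <0.123.0> GET /api/overview headers: '
    '[{"host","localhost:15672"},{"authorization","Basic dXNlcjpwbGFjZWhvbGRlcg=="}]',
    '2025-06-19 10:00:01.001 [info] <0.124.0> accepting AMQP connection '
    '<0.124.0> (127.0.0.1:51234 -> 127.0.0.1:5672)',
    '2025-06-19 10:00:02.000 [debug] <0.125.0> GET /api/queues headers: '
    '[{"Authorization","Bearer hypothetical.token.value"}]',
]

if __name__ == "__main__":
    cleaned, leaked = scan_log(SAMPLE_LOG)
    print(f"{len(leaked)} line(s) contained a Basic credential: {leaked}")
    for entry in cleaned:
        print(entry)
```

Only Basic credentials are touched: the Bearer header on the third sample line is left alone so that the redaction does not silently hide other token types you may want to review separately. Because the pattern anchors on the header name rather than on the token, it also stays quiet on unrelated base64 blobs elsewhere in the log.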
Affected products
Range: <= 3.13.7 (+ 1 more)
- (no CPE) range: <= 3.13.7
- (no CPE) range: <= 3.13.7
- OSV coordinates (8 versions):
  - pkg:bitnami/rabbitmq
  - pkg:rpm/opensuse/rabbitmq-server313&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/rabbitmq-server&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/rabbitmq-server&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/rabbitmq-server313&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6
  - pkg:rpm/suse/rabbitmq-server313&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7
  - pkg:rpm/suse/rabbitmq-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6
  - pkg:rpm/suse/rabbitmq-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7
Range: < 4.0.8 (+ 7 more)
- (no CPE) range: < 4.0.8
- (no CPE) range: < 3.13.1-150600.13.11.1
- (no CPE) range: < 3.8.11-150300.3.22.2
- (no CPE) range: < 3.13.7-5.1
- (no CPE) range: < 3.13.1-150600.13.11.1
- (no CPE) range: < 3.13.1-150600.13.11.1
- (no CPE) range: < 3.8.11-150300.3.22.2
- (no CPE) range: < 3.8.11-150300.3.22.2
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-gh3x-4x42-fvq8 (mitre, x_refsource_CONFIRM)
News mentions
No linked articles in our index yet.