VYPR

Rabbitmq Server

by Rabbitmq

Source repositories

CVEs (14)

  • CVE-2016-0929HigSep 18, 2016
    risk 0.49cvss 7.5epss 0.01

    The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated by a syslog message that…

  • CVE-2026-44838HigMay 27, 2026
    risk 0.46cvss 8.1epss 0.00

    RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^{client_id}-sensors$ to restrict user access to…

  • CVE-2015-8786MedDec 9, 2016
    risk 0.43cvss 6.5epss 0.04

    The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.

  • CVE-2024-51988MedNov 6, 2024
    risk 0.42cvss 6.5epss 0.00

    RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the `configure` permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target…

  • CVE-2025-50200MedJun 19, 2025
    risk 0.36cvss 5.5epss 0.00

    RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including…

  • CVE-2025-30219MedMar 25, 2025
    risk 0.33cvss 6.1epss 0.00

    RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable (with other on disk file modifications) can lead to arbitrary JavaScript code execution in…

  • CVE-2023-46118MedOct 25, 2023
    risk 0.32cvss 4.9epss 0.01

    RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large…

  • CVE-2026-44839MedMay 27, 2026
    risk 0.24cvss 4.8epss 0.00

    RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13.

  • CVE-2022-31008MedOct 6, 2022
    risk 0.00cvss 5.5epss 0.00

    RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of…

  • CVE-2021-32719LowJun 28, 2021
    risk 0.00cvss 3.1epss 0.01

    RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper tag sanitization.…

  • CVE-2021-32718LowJun 28, 2021
    risk 0.00cvss 3.1epss 0.01

    RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `` tag sanitization, potentially allowing for…

  • CVE-2014-9650Jan 27, 2015
    risk 0.00cvss epss 0.03

    CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

  • CVE-2014-9649Jan 27, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.

  • CVE-2014-9494Jan 20, 2015
    risk 0.00cvss epss 0.01

    RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.