Rabbitmq
by Voxpupuli
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25112 | Hig | 0.51 | 7.8 | — | May 26, 2026 | A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack. | ||
| CVE-2024-1156 | 0.00 | — | 0.00 | Feb 20, 2024 | Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges. | |||
| CVE-2023-35789 | 0.00 | — | 0.00 | Jun 16, 2023 | An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments. | |||
| CVE-2020-5419 | 0.00 | — | 0.00 | Aug 31, 2020 | RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local… | |||
| CVE-2019-11291 | 0.00 | — | 0.00 | Nov 22, 2019 | Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote… | |||
| CVE-2019-11281 | 0.00 | — | 0.01 | Oct 16, 2019 | Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not… | |||
| CVE-2014-9568 | 0.00 | — | 0.00 | Feb 3, 2015 | puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter. |
- risk 0.51cvss 7.8epss —
A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack.
- CVE-2024-1156Feb 20, 2024risk 0.00cvss —epss 0.00
Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.
- CVE-2023-35789Jun 16, 2023risk 0.00cvss —epss 0.00
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.
- CVE-2020-5419Aug 31, 2020risk 0.00cvss —epss 0.00
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local…
- CVE-2019-11291Nov 22, 2019risk 0.00cvss —epss 0.00
Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote…
- CVE-2019-11281Oct 16, 2019risk 0.00cvss —epss 0.01
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not…
- CVE-2014-9568Feb 3, 2015risk 0.00cvss —epss 0.00
puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter.