CVE-2025-50200

Medium CVSS: 6.7

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. This issue has been patched in version 4.0.8.

Vendor

Broadcom

Product

Rabbitmq Server

CWE

CWE-532

Yayın Tarihi

2025-06-19 17:15:26

Güncelleme

2025-08-06 18:28:43

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-532 Rabbitmq Server MEDIUM Broadcom 2025

Referanslar

https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-gh3x-4x42-fvq8

Benzer Kayıtlar

High

CVE-2026-0869

Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Broca…

High

CVE-2025-9711

A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user…

Medium

CVE-2025-58381

A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using…

Medium

CVE-2025-58380

A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the…

High

CVE-2026-0383

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash she…

High

CVE-2025-58382

A vulnerability in the secure configuration of authentication and management services in Brocade Fabric OS before Fabri…