Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-50200

Опубликовано: 19 июн. 2025
Источник: redhat
CVSS3: 4.4
EPSS Низкий

Описание

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. This issue has been patched in version 4.0.8.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenStack Platform 16.2rabbitmq-serverOut of support scope
Red Hat OpenStack Platform 17.1rabbitmq-serverOut of support scope
Red Hat OpenStack Platform 18.0rabbitmq-serverFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-532
https://bugzilla.redhat.com/show_bug.cgi?id=2373901rabbitmq-server: RabbitMQ Node can log Basic Auth header from an HTTP request

EPSS

Процентиль: 4%
0.00021
Низкий

4.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-50200

CVSS3: 5.5
ubuntu
около 2 месяцев назад

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. This issue has been patched in version 4.0.8.

nvd логотип

CVE-2025-50200

CVSS3: 5.5
nvd
около 2 месяцев назад

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. This issue has been patched in version 4.0.8.

debian логотип

CVE-2025-50200

CVSS3: 5.5
debian
около 2 месяцев назад

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and p ...

EPSS

Процентиль: 4%
0.00021
Низкий

4.4 Medium

CVSS3