exploitDog

CVE-2025-50200

Published: 19 Jun 2025
Source: ubuntu
Priority: medium
EPSS: Low
CVSS3: 5.5

Description

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ logs authorization headers in plaintext, encoded in base64. When the RabbitMQ API is queried over HTTP/S with basic authentication, it creates logs containing all headers in the request, including authorization headers that show the base64-encoded username:password. This is easy to decode and could afterwards be used to obtain control of the system, depending on the credentials. This issue has been patched in version 4.0.8.

| Release | Status | Note |
|---|---|---|
| devel | released | 4.0.5-8ubuntu2 |
| esm-infra/bionic | not-affected | |
| esm-infra/focal | not-affected | |
| esm-infra/xenial | not-affected | |
| jammy | not-affected | 3.9.27-0ubuntu0.2 |
| noble | not-affected | 3.12.1-1ubuntu1.2 |
| oracular | ignored | end of life, was needs-triage |
| plucky | released | 4.0.5-2ubuntu2.1 |
| upstream | released | 4.0.5-9,4.0.8 |

EPSS: 0.00021 (Low), percentile: 4%

CVSS3: 5.5 Medium

Related vulnerabilities

CVSS3: 4.4
redhat
5 months ago

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ logs authorization headers in plaintext, encoded in base64. When the RabbitMQ API is queried over HTTP/S with basic authentication, it creates logs containing all headers in the request, including authorization headers that show the base64-encoded username:password. This is easy to decode and could afterwards be used to obtain control of the system, depending on the credentials. This issue has been patched in version 4.0.8.

CVSS3: 5.5
nvd
5 months ago

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ logs authorization headers in plaintext, encoded in base64. When the RabbitMQ API is queried over HTTP/S with basic authentication, it creates logs containing all headers in the request, including authorization headers that show the base64-encoded username:password. This is easy to decode and could afterwards be used to obtain control of the system, depending on the credentials. This issue has been patched in version 4.0.8.

msrc
2 months ago

RabbitMQ Node can log Basic Auth header from an HTTP request

CVSS3: 5.5
debian
5 months ago

RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and p ...

suse-cvrf
11 days ago

Security update for rabbitmq-server
