HIGH 7.8 CVE-2021-22117 RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with suff…
>= 3.8.0, < 3.8.16
HIGH 7.5 CVE-2022-31008 Predictable credential obfuscation seed value used in rabbitmq-server
from 0, < 3.8.32
HIGH 7.5 CVE-2021-22116 RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client co…
from 0, < 3.8.16
MEDIUM 6.7 RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary cod…
>= 3.8.0, < 3.8.7
MEDIUM 6.5 HTTP API's queue deletion endpoint does not verify that the user has a required permission
>= 3.12.7, < 3.12.11
MEDIUM 6.1 RabbitMQ has XSS Vulnerability in an Error Message in Management UI
from 0, < 4.0.3
MEDIUM 5.5 RabbitMQ Node can log Basic Auth header from an HTTP request
from 0, < 4.0.8
MEDIUM 5.4 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ management UI
from 0, < 3.8.17
MEDIUM 4.9 rabbitmq-server - security update
from 0, < 3.11.24, >= 3.12.0, < 3.12.7
MEDIUM 4.8 RabbitMQ: Unsanitized vhost names allow for XSS in management UI
>= 3.7.0, < 4.0.13, >= 4.1.0, < 4.1.2
MEDIUM 4.8 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ federation management plugin
from 0, < 3.8.18
— RabbitMQ MQTT Topic Permission Authorization Bypass
>= 4.2.0, < 4.2.4