
RabbitMQ flaws expose OAuth secrets, risk complete takeover of the broker
RabbitMQ has patched two access control vulnerabilities affecting the widely used open-source message broker that could expose enterprise application data and, in some deployments, allow attackers to gain complete control over the messaging infrastructure.
The flaws, discovered by Miggo Security, exposed OAuth secrets to unauthenticated attackers, letting low-privileged users potentially spy on other tenants.
“RabbitMQ is the plumbing that moves data between services inside modern applications: orders, payments, authentication events, internal notifications,” Miggo researchers explained in a report shared with CSO ahead of its publication on Monday. “RabbitMQ is downloaded more than 15 milli...