SB2022111301 - Information disclosure in RabbitMQ Server
Published: November 13, 2022
Security Bulletin ID
SB2022111301
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of insufficiently random values (CVE-ID: CVE-2022-31008)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exist due to insufficient randomization in Shovel and Federation plugins when obfuscating URI. The encryption key used to encrypt the URI was seeded with a predictable secret. A remote attacker can gain access to sensitive information.
Remediation
Install update from vendor's website.