Cleartext transmission of sensitive information in RabbitMQ Java Client Library - #VU137273

 

Cleartext transmission of sensitive information in RabbitMQ Java Client Library - #VU137273

Published: July 9, 2026


Vulnerability identifier: #VU137273
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-319
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: VMware, Inc
Affected software:
RabbitMQ Java Client Library

Detailed vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to cleartext transmission of credentials in the default connection configuration when using the default plaintext port with PLAIN SASL. A remote attacker can observe network traffic to disclose sensitive information.

The default port is 5672, and credentials may be sent unencrypted in this configuration.


Remediation

Install security update from vendor's website.

Sources