Information disclosure in RabbitMQ Java Client Library - #VU137274

 

Information disclosure in RabbitMQ Java Client Library - #VU137274

Published: July 9, 2026


Vulnerability identifier: #VU137274
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: VMware, Inc
Affected software:
RabbitMQ Java Client Library

Detailed vulnerability description

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to exposure of plaintext credentials in ConnectionFactory.getPassword() when retrieving stored connection credentials. A local user can read the returned password value to disclose sensitive information.

This may increase the risk of credential exposure in logs or stack traces.


Remediation

Install security update from vendor's website.

Sources