Information disclosure in RabbitMQ Java Client Library - #VU137274
Published: July 9, 2026
RabbitMQ Java Client Library
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to exposure of plaintext credentials in ConnectionFactory.getPassword() when retrieving stored connection credentials. A local user can read the returned password value to disclose sensitive information.
This may increase the risk of credential exposure in logs or stack traces.