#VU100046 Improper privilege management in RabbitMQ Server - CVE-2024-51988

Cybersecurity Help s.r.o.

Published: 2024-11-07

Vulnerability identifier: #VU100046

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-51988

CWE-ID: CWE-269

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
RabbitMQ Server
Server applications / Other server solutions

Vendor: VMware, Inc

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper privilege management within the API. A remote user can delete queues without having necessary permissions for this action.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

RabbitMQ Server: 3.12.7 - 3.12.10

External links
https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-pj33-75x5-32j4

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper privilege management in RabbitMQ Server