CVE-2024-51988

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 6, 2024
CWE ID 284

Summary

CVE-2024-51988 is a vulnerability affecting RabbitMQ, a popular messaging and streaming broker. In certain versions, the HTTP API allows for unauthorized queue deletion by users who hold valid credentials, some permissions for the target virtual host, and HTTP API access. This issue enables users to delete queues for which they have no deletion permissions. Version 3.12.11 of the open source RabbitMQ release and versions 1.5.2, 3.13.0, and 4.0.0 of the Tanzu release have addressed this vulnerability. Users are strongly advised to upgrade as soon as possible. Those unable to upgrade can disable the management plugin and implement alternative monitoring solutions, such as Prometheus and Grafana.
