CVE-2024-51988

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 6, 2024

Updated: Nov 8, 2024

CWE ID 284

Summary

CVE-2024-51988 is a vulnerability affecting RabbitMQ, a popular messaging and streaming broker. In vulnerable versions, queue deletion through the HTTP API fails to verify the `configure` permission of the user. Consequently, users with valid credentials, some permissions for the target virtual host, and HTTP API access could delete queues they lacked deletion permissions for. This issue poses a risk to the security and integrity of RabbitMQ installations. Users are advised to upgrade to RabbitMQ version 3.12.11 or the corresponding versions in the tanzu release (1.5.2, 3.13.0, and 4.0.0) to address the vulnerability. Alternatively, users can disable the management plugin and employ alternative monitoring solutions such as Prometheus and Grafana.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database