CVE-2024-51988

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published: Nov 6, 2024
Updated: Nov 8, 2024
CWE ID: 284

Summary

CVE-2024-51988 is a vulnerability affecting RabbitMQ, a popular messaging and streaming broker. In vulnerable versions, queue deletion through the HTTP API does not verify the user's `configure` permission. Consequently, a user with valid credentials, some permissions for the target virtual host, and HTTP API access could delete queues they had no permission to delete. This issue poses a risk to the security and integrity of RabbitMQ installations. Users are advised to upgrade to RabbitMQ version 3.12.11 or the corresponding versions in the Tanzu release (1.5.2, 3.13.0, and 4.0.0) to address the vulnerability. Alternatively, users can disable the management plugin and employ alternative monitoring solutions such as Prometheus and Grafana.
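To scope exposure on a broker that has not yet been upgraded, the following audit lists the user and queue pairs that meet the three conditions in the summary. It is an added example, not code from RabbitMQ or the advisory. The records are constructed in the shape of the management API's `/api/users`, `/api/permissions` and `/api/queues` responses, all names are hypothetical, and Python's `re` stands in for the broker's regex engine as an approximation.

```python
import re

# Constructed sample records; every user, vhost and queue name is hypothetical.
USERS = [
    {"name": "app-orders", "tags": ["management"]},
    {"name": "ops-admin", "tags": ["administrator"]},
    {"name": "reporting", "tags": ["monitoring"]},
    {"name": "worker", "tags": []},  # no tag, so no HTTP API access
]
PERMISSIONS = [
    {"user": "app-orders", "vhost": "prod", "configure": "", "write": "^orders\\.", "read": "^orders\\."},
    {"user": "ops-admin", "vhost": "prod", "configure": ".*", "write": ".*", "read": ".*"},
    {"user": "reporting", "vhost": "prod", "configure": "^tmp\\.", "write": "", "read": ".*"},
    {"user": "worker", "vhost": "prod", "configure": "", "write": ".*", "read": ".*"},
]
QUEUES = [
    {"vhost": "prod", "name": "orders.incoming"},
    {"vhost": "prod", "name": "tmp.report-1"},
    {"vhost": "staging", "name": "orders.incoming"},
]
# User tags that grant access to the management HTTP API.
HTTP_API_TAGS = {"management", "policymaker", "monitoring", "administrator"}

def grants(pattern, resource):
    """True if a permission regex covers the resource name.
    RabbitMQ treats the empty pattern as '^$', which grants nothing."""
    return pattern != "" and re.search(pattern, resource) is not None

def exposed_queues(users, permissions, queues):
    """Return sorted (user, vhost, queue) triples where the user has HTTP API
    access and a permission record on the vhost, but `configure` does not
    cover the queue: the deletions a vulnerable broker would wrongly allow.
    Assumption: any permission record counts as "some permissions"."""
    api_users = {u["name"] for u in users if HTTP_API_TAGS & set(u["tags"])}
    findings = []
    for p in permissions:
        if p["user"] not in api_users:
            continue
        for q in queues:
            if q["vhost"] == p["vhost"] and not grants(p["configure"], q["name"]):
                findings.append((p["user"], p["vhost"], q["name"]))
    return sorted(findings)

if __name__ == "__main__":
    for user, vhost, queue in exposed_queues(USERS, PERMISSIONS, QUEUES):
        print(f"{user}: no configure permission on {vhost}/{queue}")
```

An empty result means every HTTP API user already holds `configure` on each queue in the virtual hosts they can reach, so the missing check grants them nothing new.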
