CVE-2023-35789

ADVISORY - nist

Summary

An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.

EPSS Score⁠: 0.00018 (0.034)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-522⁠

Insufficiently Protected Credentials

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-522⁠

Insufficiently Protected Credentials

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.