Information Exposure Through Log Files Affecting rabbitmq-server package, versions *
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Information Exposure Through Log Files vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-DEBIANUNSTABLE-RABBITMQSERVER-10441865
- published20 Jun 2025
- disclosed19 Jun 2025
Introduced: 19 Jun 2025
NewCVE-2025-50200 (opens in a new tab)How to fix?
There is no fixed version for Debian:unstable rabbitmq-server.
NVD Description
Note: Versions mentioned in the description apply only to the upstream rabbitmq-server package and not the rabbitmq-server package as distributed by Debian.
See How to fix? for Debian:unstable relevant fixed versions and status.
RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. This issue has been patched in version 4.0.8.