CVE-2023-35789

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-35789

CGA ID

CGA-q58f-v2fr-52rf

Severity

5.5

Medium

CVSS V3

Description

An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.

References

https://images.chainguard.dev/security/CGA-q58f-v2fr-52rf
https://github.com/advisories/GHSA-cj9f-gcwh-7q49
https://github.com/alanxz/rabbitmq-c/pull/781
https://github.com/alanxz/rabbitmq-c/issues/575
https://security.alpinelinux.org/vuln/CVE-2023-35789
https://security-tracker.debian.org/tracker/CVE-2023-35789

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2023-35789

Severity

Description

References

Affected packages

Product

Why Chainguard

Customers

Company

Resources