AI Security AI安全 11h ago Updated 4h ago 更新于 4小时前 46

RabbitMQ Vulnerability Threatens Enterprise Systems RabbitMQ漏洞威胁企业系统

A critical vulnerability (CVE-2026-5721, CVSS 8.7) in RabbitMQ allows unauthenticated attackers to retrieve confidential OAuth secrets via an obsolete management endpoint. The flaw enables attackers to impersonate the broker to identity providers, obtain administrator tokens, and gain full control over users, messages, and queue settings. The issue affects configurations using OAuth 2/OIDC providers (e.g., Auth0, Azure AD) where the management port is accessible from untrusted networks. Patches RabbitMQ存在严重安全漏洞CVE-2026-5721(CVSS 8.7),未认证的恶意攻击者可从管理接口获取OAuth机密密钥。 攻击者利用泄露的密钥可冒充代理向身份提供商获取管理员令牌,从而完全控制用户、消息队列及配置。 该漏洞自2024年初引入,已在多个最新版本中修复,建议立即更新并检查管理端口的网络暴露情况。 同时修复了CVE-2026-57221(CVSS 5.3),防止已认证用户枚举队列和读取统计信息。

65
Hot 热度
60
Quality 质量
70
Impact 影响力

Analysis 深度分析

TL;DR

  • A critical vulnerability (CVE-2026-5721, CVSS 8.7) in RabbitMQ allows unauthenticated attackers to retrieve confidential OAuth secrets via an obsolete management endpoint.
  • The flaw enables attackers to impersonate the broker to identity providers, obtain administrator tokens, and gain full control over users, messages, and queue settings.
  • The issue affects configurations using OAuth 2/OIDC providers (e.g., Auth0, Azure AD) where the management port is accessible from untrusted networks.
  • Patches are available in versions 4.3.0, 4.2.6, 4.1.11, 4.0.20, and 3.13.15, addressing both the high-severity secret leak and a medium-severity enumeration flaw.

Why It Matters

This vulnerability highlights significant risks in enterprise messaging infrastructure, particularly for organizations relying on OAuth-based authentication for message brokers. It underscores the importance of securing management interfaces and regularly auditing legacy endpoints in mature software ecosystems to prevent unauthorized access to critical credentials.

Technical Details

  • Vulnerability Mechanism: An obsolete endpoint in the RabbitMQ management web interface exposes the OAuth client secret without requiring authentication, allowing retrieval by anyone with network access to the management port.
  • Impact Scope: Attackers can use the stolen secret to impersonate the broker to identity providers (such as Auth0, Azure AD/Entra ID, Keycloak, or UAA), thereby obtaining administrator tokens to manipulate queues, users, and broker configurations.
  • Affected Versions: The bug was introduced in RabbitMQ 3.13.0 (early 2024) and remains unpatched in older versions; it is fixed in 4.3.0, 4.2.6, 4.1.11, 4.0.20, and 3.13.15.
  • Secondary Flaw: The update also addresses CVE-2026-57221 (CVSS 5.3), a missing authorization issue allowing authenticated users to enumerate queues and exchanges, potentially revealing business intelligence.
  • Risk Factors: The severity is highest in cloud or multi-tenant setups where the management UI is inadvertently exposed to the internet or untrusted networks.

Industry Insight

  • Immediate Patching Required: Organizations using RabbitMQ with OAuth integration must upgrade to patched versions immediately or restrict network access to the management interface if upgrading is not feasible.
  • Credential Rotation: Even without evidence of in-the-wild exploitation, administrators should rotate OAuth client secrets to mitigate potential compromise, as the flaw persisted for over two years.
  • Network Segmentation: Strengthening network segmentation to isolate management ports from untrusted zones is crucial, especially in multi-tenant environments where lateral movement could lead to broader infrastructure compromise.

TL;DR

  • RabbitMQ存在严重安全漏洞CVE-2026-5721(CVSS 8.7),未认证的恶意攻击者可从管理接口获取OAuth机密密钥。
  • 攻击者利用泄露的密钥可冒充代理向身份提供商获取管理员令牌,从而完全控制用户、消息队列及配置。
  • 该漏洞自2024年初引入,已在多个最新版本中修复,建议立即更新并检查管理端口的网络暴露情况。
  • 同时修复了CVE-2026-57221(CVSS 5.3),防止已认证用户枚举队列和读取统计信息。

为什么值得看

对于使用RabbitMQ进行异步通信的企业而言,此漏洞揭示了身份验证集成中的潜在致命风险,可能导致整个消息中间件被接管。它提醒开发者在配置OAuth等外部身份提供商时,必须严格审查管理接口的访问控制和代码审计流程。

技术解析

  • 漏洞机制:CVE-2026-5721源于RabbitMQ管理Web界面中一个过时的端点,该端点在未启用身份验证的情况下返回OAuth客户端密钥。若管理员配置了用于身份提供商认证的保密密码,该密钥即可被任意访问管理端口的人获取。
  • 攻击路径:攻击者获取密钥后,可利用OAuth授权流程冒充RabbitMQ代理,从Auth0、Azure AD等提供商处骗取管理员令牌,进而获得对虚拟主机内所有资源的控制权。
  • 受影响版本与修复:漏洞存在于3.13.0至3.13.14等版本,已在4.3.0、4.2.6、4.1.11、4.0.20及3.13.15中修复。未配置客户端密钥或未安装管理插件的实例不受影响。
  • 次要漏洞:CVE-2026-57221允许任何已认证用户枚举队列和交换器并读取统计数据,虽风险较低但有助于攻击者进行情报收集。

行业启示

  • 强化边界防御:RabbitMQ管理界面绝不应直接暴露在互联网上,特别是在云或多租户环境中,必须实施严格的网络分段和访问控制列表(ACL)。
  • 定期轮换密钥:即使没有证据表明该漏洞已被野外利用,也应立即旋转受影响的OAuth客户端密钥,并将此纳入常规安全运维流程。
  • 重视遗留代码审计:此类长期存在的系统性不一致表明,成熟软件中的“静默”缺陷往往源于代码审查的盲区,需结合自动化对比工具与人工深度审查来消除隐患。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Open Source 开源 Security 安全