Source: rabbitmq-server Version: 4.0.5-5 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for rabbitmq-server. CVE-2025-50200[0]: | RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and | prior, RabbitMQ is logging authorization headers in plaintext | encoded in base64. When querying RabbitMQ api with HTTP/s with basic | authentication it creates logs with all headers in request, | including authorization headers which show base64 encoded | username:password. This is easy to decode and afterwards could be | used to obtain control to the system depending on credentials. This | issue has been patched in version 4.0.8. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-50200 https://www.cve.org/CVERecord?id=CVE-2025-50200 [1] https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-gh3x-4x42-fvq8 Please adjust the affected versions in the BTS as needed. Regards, Salvatore

