Two critical access control vulnerabilities in the widely-deployed RabbitMQ message broker could allow attackers to steal OAuth secrets and bypass critical tenant isolation barriers, posing a severe threat to enterprises and cloud providers.

Cybersecurity firm Miggo discovered and reported the flaws, which target the broker's core authentication and authorization mechanisms. The first vulnerability enables the leakage of confidential OAuth 2.0 client secrets via the management interface. An attacker exploiting this could obtain valid credentials, potentially leading to unauthorized service impersonation within the messaging ecosystem.

More severe is the second flaw, which permits a bypass of virtual host (vhost) tenant isolation. In RabbitMQ, vhosts are the fundamental mechanism for partitioning resources and enforcing security boundaries between tenants. This weakness allows a malicious actor to enumerate metadata from queues across different vhosts, effectively shattering the isolation. For cloud service providers and enterprises running multi-tenant architectures, this directly undermines a cornerstone of their security and privacy model.

Miggo's findings illustrate a systemic risk common in open-source infrastructure: permission models that appear straightforward can contain subtle, exploitable bypass conditions. The ability to extract credentials and traverse tenant boundaries shows how a single access control weakness can cascade into a broader system compromise.

Organizations must treat this as an urgent priority. Immediate actions include applying vendor patches or implementing recommended mitigations. As critical compensating controls, security teams should immediately restrict network access to the RabbitMQ management interface—especially removing it from the internet—and conduct a thorough audit of vhost configurations. Enforcing the principle of least privilege for all services and users interacting with the broker is now essential.

The disclosure underscores the need for rigorous security review of dependencies and proactive vulnerability management. For any organization relying on RabbitMQ, whether for internal communication or customer-facing services, this is a clear call to action to secure their messaging infrastructure.


廣泛部署的 RabbitMQ 訊息代理器中發現兩個關鍵存取控制漏洞,攻擊者或可藉此盜取 OAuth 密鑰並繞過重要的租戶隔離機制,對企業及雲端服務供應商構成嚴重威脅。

網絡安全公司 Miggo 發現並通報了這些漏洞,它們針對代理器核心的驗證與授權機制。第一個漏洞可透過管理介面洩露機密的 OAuth 2.0 客戶端密鑰。攻擊者利用此漏洞可獲取有效憑證,或導致在訊息生態系統內進行未經授權的服務冒充。

第二個漏洞則更為嚴重,它允許繞過虛擬主機(vhost)的租戶隔離機制。在 RabbitMQ 中,vhost 是用於劃分資源及執行租戶間安全邊界的基本機制。此弱點使惡意行為者得以列舉來自不同 vhost 佇列的元資料,實質上破壞了隔離。對於採用多租戶架構的雲端服務供應商及企業而言,這直接削弱了其安全與私隱模型的基石。

Miggo 的發現揭示了開源基礎設施中常見的系統性風險:看似簡明的權限模型可能包含難以察覺但可被利用的繞過條件。能夠提取憑證並跨越租戶邊界,顯示單一的存取控制弱點如何引發更廣泛的系統性入侵。

各組織必須將此視為當務之急。立即採取的行動包括套用供應商補丁或實施建議的緩解措施。作為關鍵的補償性控制措施,安全團隊應立即限制對 RabbitMQ 管理介面的網絡存取——特別是將其從互聯網上移除——並對 vhost 配置進行徹底審計。現今,必須對所有與代理器互動的服務及用戶強制執行最小權限原則。

此次漏洞披露凸顯了對依賴項進行嚴格安全審查及主動漏洞管理的必要性。對於任何依賴 RabbitMQ 的組織——無論是用於內部通訊還是面向客戶的服務——這都是採取行動以確保其訊息基礎設施安全的明確呼籲。

新聞來源 / Original News Source