Horizon Alert
Summary of the vulnerability and why it matters
This advisory concerns a critical vulnerability in RabbitMQ, a messaging and streaming broker, that could allow an attacker to trigger outbound network requests to malicious servers. The issue arises from how the management plugin handles certain file paths, potentially leading to sensitive information exposure or system compromise through DNS or SMB requests.
- Remote attackers can trigger network requests.
- Matters if RabbitMQ management plugin is exposed.
- Confirm relevance and confirm exposure.
Attack Path
How an attacker could exploit the issue
An attacker could reach this vulnerability by sending specially crafted web requests to an exposed RabbitMQ management interface. If multiple management extension plugins are enabled, the handler for static files might incorrectly process URL-encoded backslashes. This could allow an attacker to trick the server into making outbound DNS and SMB requests to a location they control.
- Unauthenticated network access is required.
- Specially crafted web requests trigger the flaw.
- Allows unauthorized DNS and SMB requests.
Live Threat
Current exploitation, exposure, and threat context
When multiple management extension plugins are enabled on Windows, a vulnerability in the RabbitMQ management plugin's static file handler could allow an attacker to trigger outbound DNS and SMB requests to attacker-controlled UNC paths, potentially exposing system data and influencing service behavior.
- System data and service behavior.
- Triggered by specially crafted web requests.
- Information disclosure or denial of service.
Operational Fix
Recommended remediation, mitigation, and detection steps
Teams responsible for RabbitMQ servers and their associated management plugins, including infrastructure and platform teams, should prioritize this critical vulnerability. The first step is to identify all RabbitMQ deployments, assess their network reachability and business criticality, and confirm ownership before planning remediation.
- Identify and confirm RabbitMQ ownership.
- Verify management plugin reachability and impact.
- Plan remediation based on risk assessment.