CVE-2022-31008— Predictable credential obfuscation seed value used in rabbitmq-server
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-31008
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Predictable credential obfuscation seed value used in rabbitmq-server
Source: NVD (National Vulnerability Database)
Vulnerability Description
RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用不充分的随机数
Source: NVD (National Vulnerability Database)
Vulnerability Title
RabbitMQ 安全特征问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
RabbitMQ是RabbitMQ开源的一个功能丰富的多协议消息和流媒体代理。 RabbitMQ存在安全漏洞,该漏洞源于其shovel和federation插件在其worker(link)状态下执行URI混淆。用于加密URI的加密密钥带有可预测的内容。这意味着,在与Shovel和Federation插件相关的某些异常情况下,节点日志中可能会出现相当容易消除混淆的数据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| rabbitmq | rabbitmq-server | < 3.8.32 | - |
II. Public POCs for CVE-2022-31008
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-31008
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: rabbitmq-server
- CVE-2025-50200
RabbitMQ Node can log Basic Auth header from an HTTP request - CVE-2025-30219
RabbitMQ has XSS Vulnerability in an Error Message in Manage - CVE-2024-51988
HTTP API's queue deletion endpoint does not verify that the - CVE-2023-46118
Denial of Service by publishing large messages over the HTTP - CVE-2021-32719
Improper Neutralization of Script-Related HTML Tags in a Web
Same vendor: rabbitmq
- CVE-2025-50200
RabbitMQ Node can log Basic Auth header from an HTTP request - CVE-2025-30219
RabbitMQ has XSS Vulnerability in an Error Message in Manage - CVE-2024-51988
HTTP API's queue deletion endpoint does not verify that the - CVE-2023-46118
Denial of Service by publishing large messages over the HTTP - CVE-2023-46120
RabbitMQ Java client's lack of message size limitation leads
Same weakness: CWE-330
- CVE-2026-7847
chatchat-space Langchain-Chatchat Uploaded File openai_route - CVE-2026-40975
VMware Spring Boot 安全特征问题漏洞 - CVE-2026-40496
FreeScout has Predictable Attachment Token that Allows Unaut - CVE-2026-40306
DNN has same HostGUID for all new installs - CVE-2026-33710
Chamilo LMS has Weak REST API Key Generation (Predictable)
V. Comments for CVE-2022-31008
No comments yet