CVE-2024-51988
📋 TL;DR
This vulnerability allows authenticated RabbitMQ users with HTTP API access and some permissions on a virtual host to delete queues they shouldn't have permission to delete. It affects RabbitMQ deployments where users have partial permissions but lack the specific 'configure' permission required for queue deletion. The flaw bypasses proper authorization checks in the HTTP API.
💻 Affected Systems
- RabbitMQ
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Malicious or compromised users could delete critical message queues, causing message loss, service disruption, and data integrity issues across dependent applications.
Likely Case
Accidental or intentional deletion of queues by users with partial permissions, leading to application errors and operational impact.
If Mitigated
Minimal impact if proper network segmentation and least-privilege access controls are implemented, limiting which users can access the HTTP API.
🎯 Exploit Status
Exploitation requires valid credentials and HTTP API access; the vulnerability is straightforward to exploit once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Open source: 3.12.11; Tanzu: 1.5.2, 3.13.0, or 4.0.0
Vendor Advisory: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-pj33-75x5-32j4
Restart Required: Yes
Instructions:
1. Back up RabbitMQ configuration and data.
2. Stop the RabbitMQ service.
3. Upgrade to a patched version using your package manager or a manual installation.
4. Restart the RabbitMQ service.
5. Verify that queue deletion permissions are now properly enforced.
🔧 Temporary Workarounds
Disable Management Plugin
Disable the RabbitMQ management plugin, which provides the vulnerable HTTP API, to remove the attack surface. Note that this also removes the management UI and the /api endpoints that monitoring tools poll, so plan for that loss of visibility.
rabbitmq-plugins disable rabbitmq_management
🧯 If You Can't Patch
- Restrict HTTP API access using network controls (firewalls, ACLs) to only trusted administrative networks.
- Implement strict least-privilege access controls; ensure users only have permissions absolutely necessary for their roles.
🔍 How to Verify
Check if Vulnerable:
Check the RabbitMQ version; if it is below the patched versions and the management plugin (which serves the HTTP API) is enabled, the system is vulnerable.
Check Version:
rabbitmqctl version
Verify Fix Applied:
After upgrade, test that users without 'configure' permission cannot delete queues via HTTP API.
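As an added check supporting the least-privilege workaround and the verification steps above (example code, not from RabbitMQ or this advisory): it audits the JSON that GET /api/permissions on the management API returns and, for a given queue, separates users whose 'configure' pattern covers it from users who hold only write/read on the vhost, i.e. the accounts for which this bypass matters; it also parses rabbitmqctl version output against the open-source fix release. The sample permissions, user names and queue names are constructed assumptions.

```python
import json
import re

# Constructed sample in the shape GET /api/permissions returns: one object per
# user/vhost pair; each value is a regex matched against resource names.
SAMPLE_PERMISSIONS = json.dumps([
    {"user": "admin", "vhost": "/", "configure": ".*", "write": ".*", "read": ".*"},
    {"user": "orders", "vhost": "prod", "configure": "^orders\\.",
     "write": "^orders\\.", "read": "^orders\\."},
    {"user": "reporter", "vhost": "prod", "configure": "", "write": "", "read": ".*"},
    {"user": "publisher", "vhost": "prod", "configure": "", "write": ".*", "read": ""},
])


def pattern_allows(pattern, resource_name):
    """RabbitMQ semantics: an empty pattern grants nothing (the broker treats it
    as '^$'); otherwise the regex is searched, so unanchored patterns match."""
    if pattern == "":
        return False
    return re.search(pattern, resource_name) is not None


def queue_delete_audit(permissions_json, vhost, queue):
    """Split users with any permission on `vhost` into those whose 'configure'
    pattern matches `queue` (may legitimately delete it) and those holding
    only other rights there (must be refused; the set the bypass affects)."""
    may_delete, partial_only = [], []
    for entry in json.loads(permissions_json):
        if entry["vhost"] != vhost:
            continue
        if all(entry[k] == "" for k in ("configure", "write", "read")):
            continue  # no effective permission on this vhost at all
        if pattern_allows(entry["configure"], queue):
            may_delete.append(entry["user"])
        else:
            partial_only.append(entry["user"])
    return sorted(may_delete), sorted(partial_only)


def version_below_fix(version_output, fixed=(3, 12, 11)):
    """Parse the first dotted version in `rabbitmqctl version` output and report
    whether it predates the open-source fix (3.12.11 per the advisory above;
    Tanzu release lines use different numbering)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError("no version number found")
    return tuple(int(x) for x in m.groups()) < fixed
```

Run the audit against a live GET /api/permissions dump for each critical queue; every user in the second list is one to re-check after patching and to trim under least privilege.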
📡 Detection & Monitoring
Log Indicators:
- Unexpected queue deletion events in RabbitMQ logs
- HTTP API DELETE requests to /api/queues from unauthorized users
Network Indicators:
- HTTP DELETE requests to RabbitMQ management API on port 15672
SIEM Query:
source="rabbitmq.log" AND "deleting queue" AND NOT user="authorized_user"