Skip to main content

Google EUVDEUVD-2022-52713

| CVE-2022-31008 MEDIUM
Use of Insufficiently Random Values (CWE-330)
2026-06-30 https://github.com/rabbitmq/rabbitmq-server GHSA-v9gv-xp36-jgj8
5.5
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
SUSE
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Red Hat
7.5 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 30, 2026 - 16:15 github-advisory
MEDIUM 5.5

DescriptionGitHub Advisory

Impact

Shovel and Federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret.

This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log.

Patched versions correctly use a cluster-wide secret for that purpose.

Patches

Patched versions:

  • 3.10.2
  • 3.9.18
  • 3.8.32

Workarounds

Disable Shovel and Federation plugins.

Credits

RabbitMQ core team would like to thank Lajos @luos Gerecs and Anh Nguyen from Erlang Solutions for responsibly disclosing and working with us on a patch for this vulnerability.

For more information

AnalysisAI

Impact Shovel and Federation plugins perform URI obfuscation in their worker (link) state. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-330.

Impact Shovel and Federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose.

Patches Patched versions: * 3.10.2 * 3.9.18 * 3.8.32

Workarounds Disable Shovel and Federation plugins.

Credits RabbitMQ core team would like to thank Lajos @luos Gerecs and Anh Nguyen from Erlang Solutions for responsibly disclosing and working with us on a patch for this vulnerability.

For more information * Mailing list * Community Slack

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Vendor StatusVendor

SUSE

Severity: Important
Product Status
SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP5 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP5 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP6 SUSE Linux Enterprise Module for Server Applications 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

EUVD-2022-52713 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy