Lavinmq
Monthly
Authenticated users in LavinMQ versions before 2.6.6 can read sensitive broker metadata they lack permissions to access, resulting in information disclosure. This vulnerability requires valid credentials but poses a risk in multi-tenant deployments where access controls should be strictly enforced. A patch is available in version 2.6.6.
Authenticated users holding the Policymaker tag in LavinMQ prior to version 2.6.8 can create shovels that bypass access controls, allowing them to read from or publish messages to unauthorized virtual hosts. This privilege escalation vulnerability affects multi-tenant deployments where access segregation is critical. A patch is available in version 2.6.8 and later.
Authenticated users in LavinMQ versions before 2.6.6 can read sensitive broker metadata they lack permissions to access, resulting in information disclosure. This vulnerability requires valid credentials but poses a risk in multi-tenant deployments where access controls should be strictly enforced. A patch is available in version 2.6.6.
Authenticated users holding the Policymaker tag in LavinMQ prior to version 2.6.8 can create shovels that bypass access controls, allowing them to read from or publish messages to unauthorized virtual hosts. This privilege escalation vulnerability affects multi-tenant deployments where access segregation is critical. A patch is available in version 2.6.8 and later.