Rabbitmq Aws
Monthly
Arbitrary file read in amazon-mq rabbitmq-aws before 0.2.1 allows authenticated remote users to read any file accessible to the RabbitMQ process by submitting a crafted arn:aws-debug:file scheme to the PUT /api/aws/arn/validate validation endpoint. The flaw stems from leftover debug code in the ARN resolver and was reported by AWS itself; no public exploit has been identified at time of analysis and the issue is not listed in CISA KEV.
Arbitrary file read in amazon-mq rabbitmq-aws before 0.2.1 allows authenticated remote users to read any file accessible to the RabbitMQ process by submitting a crafted arn:aws-debug:file scheme to the PUT /api/aws/arn/validate validation endpoint. The flaw stems from leftover debug code in the ARN resolver and was reported by AWS itself; no public exploit has been identified at time of analysis and the issue is not listed in CISA KEV.