CVE-2023-35789 Information

Description

An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g. for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments.

Reference

https://github.com/alanxz/rabbitmq-c/issues/575 https://github.com/alanxz/rabbitmq-c/pull/781