RabbitMQ flaws risk OAuth secret exposure
🔒 Cybersecurity researchers disclosed two access-control flaws in RabbitMQ that could leak OAuth client secrets and allow cross-tenant data access. Miggo's team reported one issue exposes the broker's OAuth secret to unauthenticated requests, enabling full broker takeover, while the other permits authenticated users to read other tenants' queue metadata. Affected releases begin at 3.13.0; fixes are available in recent patch releases and administrators are urged to rotate secrets and restrict management access.
