All RabbitMQ versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in the AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
External Reference: https://tanzu.vmware.com/security/cve-2021-22116
Created rabbitmq-server tracking bugs for this issue:
Affects: epel-7 [bug 1961641]
Affects: fedora-all [bug 1961640]
All versions of Ansible Tower that used RabbitMQ (Tower versions 3.6 and earlier) are now EOL.
Hi, marking this as "Not affected" for Ansible Tower as RabbitMQ is no longer relevant to Tower or AAP.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-22116
https://github.com/rabbitmq/rabbitmq-server/releases/tag/v3.8.15