It was found that the AMQ 7 broker allows users of the OpenWire protocol to bypass the usual permission checks. This can allow an unprivileged user to create queues without their role being verified.
Acknowledgments: Name: Francesco Marchioni (Red Hat)
Mitigation: If you are not using the OpenWire protocol, it can be disabled by removing it from the list of accepted protocols in the `broker.xml`:

```xml
<acceptor name="artemis">tcp://0.0.0.0:61616?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true</acceptor>
```
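One way to check that the mitigation is in place on every acceptor, as an added example that is not part of the original advisory: the script parses a `broker.xml` and reports acceptors whose `protocols` list still contains `OPENWIRE`. The sample XML, the function names and the status labels are constructed for illustration, and acceptors with no `protocols` parameter are flagged for review on the assumption that no protocol restriction applies to them.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample broker.xml fragment (not from a real deployment).
SAMPLE_BROKER_XML = """<configuration xmlns="urn:activemq">
  <core xmlns="urn:activemq:core">
    <acceptors>
      <acceptor name="artemis">tcp://0.0.0.0:61616?protocols=CORE,AMQP,OPENWIRE;useEpoll=true</acceptor>
      <acceptor name="amqp">tcp://0.0.0.0:5672?tcpSendBufferSize=1048576;protocols=AMQP</acceptor>
      <acceptor name="legacy">tcp://0.0.0.0:61617</acceptor>
    </acceptors>
  </core>
</configuration>"""


def acceptor_protocols(uri):
    """Return the set of protocols named in an acceptor URI, or None if unset."""
    query = urlsplit(uri.strip()).query
    # Acceptor parameters are separated by ';' rather than '&'.
    for param in query.split(";"):
        key, _, value = param.partition("=")
        if key.strip().lower() == "protocols":
            return {p.strip().upper() for p in value.split(",") if p.strip()}
    return None


def audit_openwire(broker_xml):
    """Map acceptor name -> 'openwire-enabled', 'no-protocol-list' or 'ok'."""
    findings = {}
    for elem in ET.fromstring(broker_xml).iter():
        # broker.xml elements are namespaced; compare the local name only.
        if elem.tag.rsplit("}", 1)[-1] != "acceptor":
            continue
        protocols = acceptor_protocols(elem.text or "")
        if protocols is None:
            status = "no-protocol-list"  # assumption: unrestricted, needs review
        elif "OPENWIRE" in protocols:
            status = "openwire-enabled"
        else:
            status = "ok"
        findings[elem.get("name", "<unnamed>")] = status
    return findings


if __name__ == "__main__":
    for name, status in audit_openwire(SAMPLE_BROKER_XML).items():
        print(f"{name}: {status}")
```
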