An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments. https://github.com/alanxz/rabbitmq-c/issues/575 https://github.com/alanxz/rabbitmq-c/pull/781
Created librabbitmq tracking bugs for this issue: Affects: fedora-all [bug 2216736]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6482 https://access.redhat.com/errata/RHSA-2023:6482
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:7150 https://access.redhat.com/errata/RHSA-2023:7150