Miggo's security team disclosed two access control vulnerabilities in RabbitMQ that expose OAuth secrets and compromise multi-tenant isolation. The flaws allow attackers to leak the message broker's confidential OAuth client secrets and expose cross-tenant queue metadata, creating pathways for infrastructure takeover and tenant boundary bypass.
RabbitMQ serves as a critical message broker in enterprise environments, handling sensitive communications across distributed systems. The access control weaknesses undermine the platform's authentication and authorization mechanisms. Attackers exploiting these vulnerabilities gain unauthorized access to OAuth credentials stored within the broker, credentials typically used for secure API authentication and service-to-service communication.
The cross-tenant exposure presents acute risk in multi-tenant deployments. Organizations isolate customer data through logical boundaries in shared RabbitMQ instances. These flaws erode that isolation, potentially exposing one customer's queue configuration, routing rules, and metadata to competitors or malicious actors within the same deployment.
OAuth client secrets represent high-value targets. Once obtained, attackers impersonate legitimate applications, request elevated permissions, and access downstream systems protected by OAuth. The leaked secrets could enable lateral movement through interconnected services relying on RabbitMQ for authentication workflows.
Enterprise deployments face compounded risk. Message brokers often sit at infrastructure cores, integrating with payment systems, customer databases, and APIs. Compromise at this layer cascades through dependent applications and services.
Miggo's disclosure follows responsible coordination. Organizations running RabbitMQ should prioritize patching once fixes ship. Critical considerations include reviewing OAuth secret rotation policies, auditing recent queue access logs for anomalies, and evaluating network segmentation around message broker instances.
Organizations unable to patch immediately should restrict RabbitMQ network exposure, implement strict access controls on management APIs, and monitor for suspicious metadata queries or secret access patterns.
