Alan Conway

**Name of the Vulnerable Software and Affected Versions** Apache Qpid version 0.12 **Description** The issue allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username, due to improper verification of credentials during the joining of a cluster. **Recommendations** For Apache Qpid version 0.12, consider restricting access to cluster functionality until a proper fix is applied, and ensure that all cluster-usernames are properly secured to minimize the risk of exploitation.