
Hyperreap

#40478 of 53,622
6.7 Total CVSS
Vulnerabilities · 1
PT-2025-26223
6.7
2025-06-19
Rabbitmq · Rabbitmq · CVE-2025-50200
**Name of the Vulnerable Software and Affected Versions**

RabbitMQ versions 3.13.7 and prior

**Description**

RabbitMQ logs authorization headers in plaintext (base64-encoded only) when it is queried over HTTP or HTTPS with basic authentication. The logs therefore contain all request headers, including the Authorization header with the base64-encoded `username:password` pair, which can be easily decoded. Depending on the credentials, the decoded values could potentially be used to gain control of the system.

**Recommendations**

For versions 3.13.7 and prior, update to version 4.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the RabbitMQ logs to minimize the risk of exploitation. Avoid using basic authentication with sensitive credentials in the affected API endpoints until the issue is resolved.
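
A defender's follow-up to the description above, as an added example (not from the advisory or the RabbitMQ project): it scans log lines for `Basic` tokens that decode to a `username:password` pair, redacts them, and lists the accounts whose credentials should be rotated. The sample lines, their layout and the `/api/example` path are constructed; RabbitMQ's real log format is not shown on this page.

```python
import base64
import binascii
import re

# Matches "Basic <token>" anywhere in a line; header-name casing varies.
BASIC_RE = re.compile(r"\bBasic\s+([A-Za-z0-9+/]{4,}={0,2})", re.IGNORECASE)

def decode_user(token):
    """Return the username if token decodes to user:password, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
        user, sep, _password = raw.decode("utf-8").partition(":")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return user if sep and user else None

def audit_line(line):
    """Return (redacted_line, usernames whose credentials were exposed)."""
    users = []
    def _redact(match):
        user = decode_user(match.group(1))
        if user is None:
            return match.group(0)  # not a credential pair; leave untouched
        users.append(user)
        return "Basic [REDACTED]"
    return BASIC_RE.sub(_redact, line), users

def audit_log(lines):
    """Redact every line and collect the accounts needing rotation."""
    exposed, cleaned = set(), []
    for line in lines:
        redacted, users = audit_line(line)
        cleaned.append(redacted)
        exposed.update(users)
    return cleaned, sorted(exposed)

# Constructed sample input; the layout is illustrative, not RabbitMQ's format.
TOKEN = base64.b64encode(b"monitor:example-password").decode()
SAMPLE = [
    f'2025-06-19 10:00:01 [info] GET /api/example authorization="Basic {TOKEN}"',
    "2025-06-19 10:00:02 [info] Basic health check passed",
    '2025-06-19 10:00:03 [info] GET /api/example authorization="Bearer abc.def"',
]

if __name__ == "__main__":
    cleaned, exposed = audit_log(SAMPLE)
    print("\n".join(cleaned))
    print("rotate credentials for:", exposed)
```

The function reports usernames only; passwords are decoded in memory to validate the pair and are never returned or printed.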