CVE-2023-35789: 
NixOS vulnerability analysis and mitigation

CVE-2023-35789 affects the C AMQP client library (rabbitmq-c) through version 0.13.0 for RabbitMQ. The vulnerability was discovered and disclosed on June 16, 2023. The issue affects the credential handling functionality in the command-line tools like amqp-publish and amqp-consume (NVD).

The vulnerability is classified as Insufficiently Protected Credentials (CWE-522) with a CVSS v3.1 base score of 5.5 (Medium). The vulnerability exists because credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments (NVD).

The vulnerability allows local attackers to view authentication credentials by examining process listings and their arguments. This exposure of credentials could lead to unauthorized access to RabbitMQ services (NVD).

A fix has been implemented that adds a new option to read username/password from a file instead of command line arguments. The patch introduces an --authfile option that expects a filename containing credentials in a specific format (GitHub PR). Red Hat has released security updates for affected versions in RHEL 8 and 9 (Red Hat Advisory).