A non-privileged local user could access the RabbitMQ Erlang cookie value via Facter. In addition, the Erlang cookie information could be unintentionally exposed through third-party applications that display facts.
Users should upgrade the puppetlabs-rabbitmq module to puppetlabs-rabbitmq 5.0.
Thanks to Luca Bruno for responsibly disclosing this issue to us.
CVSS v2 Score: 1.3
Affected Software Versions: