Users with monitoring tag can access data outside permitted VHosts

[marpereira]

Describe the bug

After searching a bit I couldn't find anything related to this topic but I suspect that this could be already reported. If it's the case please close this.

When a user is assigned the monitoring tag in RabbitMQ, they gain global visibility into all connections, channels, nodes, and statistics — even for virtual hosts (vhosts) they do not have explicit access to. This violates the principle of least privilege and makes vhost-level isolation for monitoring users impossible.

Reproduction steps

1. Create a virtual host (e.g., /vhost-a and /vhost-b).
2. Add a user and assign the monitoring tag:

rabbitmqctl add_user monitor_user password
rabbitmqctl set_user_tags monitor_user monitoring
rabbitmqctl set_permissions -p /vhost-a monitor_user "" "" ".*"

3. Log in to the RabbitMQ Management UI as monitor_user.

Observe that:

• The user can see connections and channels from all vhosts (including /vhost-b, which they were never granted access to).
• The user can view node-wide stats (e.g., memory, message rates).

Expected behavior

A user with the monitoring tag and access only to /vhost-a should:

• Be able to monitor queues, exchanges, bindings, and metrics only for /vhost-a.
• Not see connections, channels, or resources in other vhosts (e.g., /vhost-b).

Monitoring capabilities should be scoped to the vhost(s) explicitly assigned via permissions.

Additional context

No response

[michaelklishin]

@marpereira if you assume this to be a security issue, consider learning about the concept of responsible disclosure.

Both behaviors are by design. A practical monitoring system will always need to access node data which is not virtual host-specific to begin with. Some users want such users to be able to list read-only data (connections being one example) for monitoring purposes.

In the case of Prometheus, for example, the scraping endpoint does not differentiate between virtual hosts and there's very often no authentication to begin with. And Prometheus-compatible tooling is an industry standard.