All the vulnerabilites related to rabbitmq - rabbitmq-server
cve-2021-32719
Vulnerability from cvelistv5
Published
2021-06-28 15:15
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ federation management plugin
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x | x_refsource_CONFIRM | |
| https://github.com/rabbitmq/rabbitmq-server/pull/3122 | x_refsource_MISC | |
| https://herolab.usd.de/security-advisories/usd-2021-0011/ | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| rabbitmq | rabbitmq-server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/pull/3122"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://herolab.usd.de/security-advisories/usd-2021-0011/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rabbitmq-server",
"vendor": "rabbitmq",
"versions": [
{
"status": "affected",
"version": "\u003c 3.8.18"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper \u003cscript\u003e tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-02T13:21:36",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/pull/3122"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://herolab.usd.de/security-advisories/usd-2021-0011/"
}
],
"source": {
"advisory": "GHSA-5452-hxj4-773x",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ federation management plugin",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32719",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ federation management plugin"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rabbitmq-server",
"version": {
"version_data": [
{
"version_value": "\u003c 3.8.18"
}
]
}
}
]
},
"vendor_name": "rabbitmq"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper \u003cscript\u003e tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x",
"refsource": "CONFIRM",
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x"
},
{
"name": "https://github.com/rabbitmq/rabbitmq-server/pull/3122",
"refsource": "MISC",
"url": "https://github.com/rabbitmq/rabbitmq-server/pull/3122"
},
{
"name": "https://herolab.usd.de/security-advisories/usd-2021-0011/",
"refsource": "MISC",
"url": "https://herolab.usd.de/security-advisories/usd-2021-0011/"
}
]
},
"source": {
"advisory": "GHSA-5452-hxj4-773x",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32719",
"datePublished": "2021-06-28T15:15:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31008
Vulnerability from cvelistv5
Published
2022-10-06 00:00
Modified
2024-08-03 07:03
Severity ?
EPSS score ?
Summary
Predictable credential obfuscation seed value used in rabbitmq-server
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| rabbitmq | rabbitmq-server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-v9gv-xp36-jgj8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/pull/4841"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rabbitmq-server",
"vendor": "rabbitmq",
"versions": [
{
"status": "affected",
"version": "\u003c 3.8.32"
},
{
"status": "affected",
"version": "\u003e= 3.9.0, \u003c 3.9.18"
},
{
"status": "affected",
"version": "\u003e= 3.10.0, \u003c 3.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-11T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-v9gv-xp36-jgj8"
},
{
"url": "https://github.com/rabbitmq/rabbitmq-server/pull/4841"
}
],
"source": {
"advisory": "GHSA-v9gv-xp36-jgj8",
"discovery": "UNKNOWN"
},
"title": "Predictable credential obfuscation seed value used in rabbitmq-server"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31008",
"datePublished": "2022-10-06T00:00:00",
"dateReserved": "2022-05-18T00:00:00",
"dateUpdated": "2024-08-03T07:03:40.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-51988
Vulnerability from cvelistv5
Published
2024-11-06 19:15
Modified
2024-11-06 19:53
Severity ?
EPSS score ?
Summary
HTTP API's queue deletion endpoint does not verify that the user has a required permission
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-pj33-75x5-32j4 | x_refsource_CONFIRM | |
| https://www.rabbitmq.com/docs/prometheus | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| rabbitmq | rabbitmq-server |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T19:53:13.523222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T19:53:22.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rabbitmq-server",
"vendor": "rabbitmq",
"versions": [
{
"status": "affected",
"version": "Open source RabbitMQ: \u003e= 3.12.7, \u003c 3.12.11"
},
{
"status": "affected",
"version": "Tanzu RabbitMQ: \u003e= 2.0.0, \u003c 3.13.0"
},
{
"status": "affected",
"version": "Tanzu RabbitMQ: \u003c 1.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the `configure` permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host \u0026 3. HTTP API access. could delete queues it had no (deletion) permissions for. This issue has been addressed in version 3.12.11 of the open source rabbitMQ release and in versions 1.5.2, 3.13.0, and 4.0.0 of the tanzu release. Users are advised to upgrade. Users unable to upgrade may disable management plugin and use, for example, Prometheus and Grafana for monitoring."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T19:15:17.391Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-pj33-75x5-32j4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-pj33-75x5-32j4"
},
{
"name": "https://www.rabbitmq.com/docs/prometheus",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rabbitmq.com/docs/prometheus"
}
],
"source": {
"advisory": "GHSA-pj33-75x5-32j4",
"discovery": "UNKNOWN"
},
"title": "HTTP API\u0027s queue deletion endpoint does not verify that the user has a required permission"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-51988",
"datePublished": "2024-11-06T19:15:17.391Z",
"dateReserved": "2024-11-04T17:46:16.775Z",
"dateUpdated": "2024-11-06T19:53:22.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46118
Vulnerability from cvelistv5
Published
2023-10-24 23:27
Modified
2024-08-02 20:37
Severity ?
EPSS score ?
Summary
Denial of Service by publishing large messages over the HTTP API
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| rabbitmq | rabbitmq-server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5571"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rabbitmq-server",
"vendor": "rabbitmq",
"versions": [
{
"status": "affected",
"version": "\u003c 3.12.7"
},
{
"status": "affected",
"version": "\u003c 3.11.24"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an \"out-of-memory killer\"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T23:27:06.952Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg"
},
{
"url": "https://www.debian.org/security/2023/dsa-5571"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00009.html"
}
],
"source": {
"advisory": "GHSA-w6cq-9cf4-gqpg",
"discovery": "UNKNOWN"
},
"title": "Denial of Service by publishing large messages over the HTTP API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46118",
"datePublished": "2023-10-24T23:27:06.952Z",
"dateReserved": "2023-10-16T17:51:35.571Z",
"dateUpdated": "2024-08-02T20:37:39.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-32718
Vulnerability from cvelistv5
Published
2021-06-28 14:50
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ management UI
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772 | x_refsource_CONFIRM | |
| https://github.com/rabbitmq/rabbitmq-server/pull/3028 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/Dec/3 | mailing-list, x_refsource_FULLDISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| rabbitmq | rabbitmq-server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/pull/3028"
},
{
"name": "20211203 usd AG Security Advisories 11/2021",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rabbitmq-server",
"vendor": "rabbitmq",
"versions": [
{
"status": "affected",
"version": "\u003c 3.8.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user\u0027s bane being rendered in a confirmation message without proper `\u003cscript\u003e` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-03T18:06:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rabbitmq/rabbitmq-server/pull/3028"
},
{
"name": "20211203 usd AG Security Advisories 11/2021",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/3"
}
],
"source": {
"advisory": "GHSA-c3hj-rg5h-2772",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ management UI",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32718",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ management UI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rabbitmq-server",
"version": {
"version_data": [
{
"version_value": "\u003c 3.8.17"
}
]
}
}
]
},
"vendor_name": "rabbitmq"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user\u0027s bane being rendered in a confirmation message without proper `\u003cscript\u003e` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772",
"refsource": "CONFIRM",
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772"
},
{
"name": "https://github.com/rabbitmq/rabbitmq-server/pull/3028",
"refsource": "MISC",
"url": "https://github.com/rabbitmq/rabbitmq-server/pull/3028"
},
{
"name": "20211203 usd AG Security Advisories 11/2021",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Dec/3"
}
]
},
"source": {
"advisory": "GHSA-c3hj-rg5h-2772",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32718",
"datePublished": "2021-06-28T14:50:10",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}