Vulnerabilites related to rabbitmq - rabbitmq-server
cve-2021-32718
Vulnerability from cvelistv5
Published
2021-06-28 14:50
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772 | x_refsource_CONFIRM | |
| https://github.com/rabbitmq/rabbitmq-server/pull/3028 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/Dec/3 | mailing-list, x_refsource_FULLDISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rabbitmq | rabbitmq-server |
Version: < 3.8.17 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:25:31.192Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/rabbitmq/rabbitmq-server/pull/3028", }, { name: "20211203 usd AG Security Advisories 11/2021", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Dec/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "rabbitmq-server", vendor: "rabbitmq", versions: [ { status: "affected", version: "< 3.8.17", }, ], }, ], descriptions: [ { lang: "en", value: "RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-80", description: "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-03T18:06:10", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/rabbitmq/rabbitmq-server/pull/3028", }, { name: "20211203 usd AG Security Advisories 11/2021", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Dec/3", }, ], source: { advisory: "GHSA-c3hj-rg5h-2772", discovery: "UNKNOWN", }, title: "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ management UI", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-32718", STATE: "PUBLIC", TITLE: "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ management UI", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "rabbitmq-server", version: { version_data: [ { version_value: "< 3.8.17", }, ], }, }, ], }, vendor_name: "rabbitmq", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772", refsource: "CONFIRM", url: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772", }, { name: "https://github.com/rabbitmq/rabbitmq-server/pull/3028", refsource: "MISC", url: "https://github.com/rabbitmq/rabbitmq-server/pull/3028", }, { name: "20211203 usd AG Security Advisories 11/2021", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2021/Dec/3", }, ], }, source: { advisory: "GHSA-c3hj-rg5h-2772", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-32718", datePublished: "2021-06-28T14:50:10", dateReserved: "2021-05-12T00:00:00", dateUpdated: "2024-08-03T23:25:31.192Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-32719
Vulnerability from cvelistv5
Published
2021-06-28 15:15
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x | x_refsource_CONFIRM | |
| https://github.com/rabbitmq/rabbitmq-server/pull/3122 | x_refsource_MISC | |
| https://herolab.usd.de/security-advisories/usd-2021-0011/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rabbitmq | rabbitmq-server |
Version: < 3.8.18 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:25:31.107Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/rabbitmq/rabbitmq-server/pull/3122", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://herolab.usd.de/security-advisories/usd-2021-0011/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "rabbitmq-server", vendor: "rabbitmq", versions: [ { status: "affected", version: "< 3.8.18", }, ], }, ], descriptions: [ { lang: "en", value: "RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-80", description: "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-02T13:21:36", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/rabbitmq/rabbitmq-server/pull/3122", }, { tags: [ "x_refsource_MISC", ], url: "https://herolab.usd.de/security-advisories/usd-2021-0011/", }, ], source: { advisory: "GHSA-5452-hxj4-773x", discovery: "UNKNOWN", }, title: "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ federation management plugin", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-32719", STATE: "PUBLIC", TITLE: "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ federation management plugin", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "rabbitmq-server", version: { version_data: [ { version_value: "< 3.8.18", }, ], }, }, ], }, vendor_name: "rabbitmq", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x", refsource: "CONFIRM", url: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x", }, { name: "https://github.com/rabbitmq/rabbitmq-server/pull/3122", refsource: "MISC", url: "https://github.com/rabbitmq/rabbitmq-server/pull/3122", }, { name: "https://herolab.usd.de/security-advisories/usd-2021-0011/", refsource: "MISC", url: "https://herolab.usd.de/security-advisories/usd-2021-0011/", }, ], }, source: { advisory: "GHSA-5452-hxj4-773x", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-32719", datePublished: "2021-06-28T15:15:11", dateReserved: "2021-05-12T00:00:00", dateUpdated: "2024-08-03T23:25:31.107Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-51988
Vulnerability from cvelistv5
Published
2024-11-06 19:15
Modified
2024-11-06 19:53
Severity ?
EPSS score ?
Summary
RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the `configure` permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HTTP API access. could delete queues it had no (deletion) permissions for. This issue has been addressed in version 3.12.11 of the open source rabbitMQ release and in versions 1.5.2, 3.13.0, and 4.0.0 of the tanzu release. Users are advised to upgrade. Users unable to upgrade may disable management plugin and use, for example, Prometheus and Grafana for monitoring.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-pj33-75x5-32j4 | x_refsource_CONFIRM | |
| https://www.rabbitmq.com/docs/prometheus | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rabbitmq | rabbitmq-server |
Version: Open source RabbitMQ: >= 3.12.7, < 3.12.11 Version: Tanzu RabbitMQ: >= 2.0.0, < 3.13.0 Version: Tanzu RabbitMQ: < 1.5.2 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-51988", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-06T19:53:13.523222Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-06T19:53:22.685Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "rabbitmq-server", vendor: "rabbitmq", versions: [ { status: "affected", version: "Open source RabbitMQ: >= 3.12.7, < 3.12.11", }, { status: "affected", version: "Tanzu RabbitMQ: >= 2.0.0, < 3.13.0", }, { status: "affected", version: "Tanzu RabbitMQ: < 1.5.2", }, ], }, ], descriptions: [ { lang: "en", value: "RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the `configure` permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HTTP API access. could delete queues it had no (deletion) permissions for. This issue has been addressed in version 3.12.11 of the open source rabbitMQ release and in versions 1.5.2, 3.13.0, and 4.0.0 of the tanzu release. Users are advised to upgrade. Users unable to upgrade may disable management plugin and use, for example, Prometheus and Grafana for monitoring.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-06T19:15:17.391Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-pj33-75x5-32j4", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-pj33-75x5-32j4", }, { name: "https://www.rabbitmq.com/docs/prometheus", tags: [ "x_refsource_MISC", ], url: "https://www.rabbitmq.com/docs/prometheus", }, ], source: { advisory: "GHSA-pj33-75x5-32j4", discovery: "UNKNOWN", }, title: "HTTP API's queue deletion endpoint does not verify that the user has a required permission", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-51988", datePublished: "2024-11-06T19:15:17.391Z", dateReserved: "2024-11-04T17:46:16.775Z", dateUpdated: "2024-11-06T19:53:22.685Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-31008
Vulnerability from cvelistv5
Published
2022-10-06 00:00
Modified
2024-08-03 07:03
Severity ?
EPSS score ?
Summary
RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rabbitmq | rabbitmq-server |
Version: < 3.8.32 Version: >= 3.9.0, < 3.9.18 Version: >= 3.10.0, < 3.10.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:03:40.269Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-v9gv-xp36-jgj8", }, { tags: [ "x_transferred", ], url: "https://github.com/rabbitmq/rabbitmq-server/pull/4841", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "rabbitmq-server", vendor: "rabbitmq", versions: [ { status: "affected", version: "< 3.8.32", }, { status: "affected", version: ">= 3.9.0, < 3.9.18", }, { status: "affected", version: ">= 3.10.0, < 3.10.2", }, ], }, ], descriptions: [ { lang: "en", value: "RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-330", description: "CWE-330: Use of Insufficiently Random Values", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-11T00:00:00", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-v9gv-xp36-jgj8", }, { url: "https://github.com/rabbitmq/rabbitmq-server/pull/4841", }, ], source: { advisory: "GHSA-v9gv-xp36-jgj8", discovery: "UNKNOWN", }, title: "Predictable credential obfuscation seed value used in rabbitmq-server", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-31008", datePublished: "2022-10-06T00:00:00", dateReserved: "2022-05-18T00:00:00", dateUpdated: "2024-08-03T07:03:40.269Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-30219
Vulnerability from cvelistv5
Published
2025-03-25 22:55
Modified
2025-03-26 13:43
Severity ?
EPSS score ?
Summary
RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable (with other on disk file modifications) can lead to arbitrary JavaScript code execution in the browsers of management UI users. When a virtual host on a RabbitMQ node fails to start, recent versions
will display an error message (a notification) in the management UI. The error message includes virtual host name, which was not escaped prior to open source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3, 3.13.8. An attack that both makes a virtual host fail to start and creates a new virtual host name with an XSS code snippet or changes the name of an existing virtual host on disk could trigger arbitrary JavaScript code execution in the management UI (the user's browser). Open source RabbitMQ `4.0.3` and Tanzu RabbitMQ `4.0.3` and `3.13.8` patch the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-g58g-82mw-9m3p | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rabbitmq | rabbitmq-server |
Version: < 4.0.3 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-30219", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-26T13:43:09.892366Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-26T13:43:18.250Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "rabbitmq-server", vendor: "rabbitmq", versions: [ { status: "affected", version: "< 4.0.3", }, ], }, ], descriptions: [ { lang: "en", value: "RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable (with other on disk file modifications) can lead to arbitrary JavaScript code execution in the browsers of management UI users. When a virtual host on a RabbitMQ node fails to start, recent versions\nwill display an error message (a notification) in the management UI. The error message includes virtual host name, which was not escaped prior to open source RabbitMQ 4.0.3 and Tanzu RabbitMQ 4.0.3, 3.13.8. An attack that both makes a virtual host fail to start and creates a new virtual host name with an XSS code snippet or changes the name of an existing virtual host on disk could trigger arbitrary JavaScript code execution in the management UI (the user's browser). Open source RabbitMQ `4.0.3` and Tanzu RabbitMQ `4.0.3` and `3.13.8` patch the issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T22:55:35.539Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-g58g-82mw-9m3p", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-g58g-82mw-9m3p", }, ], source: { advisory: "GHSA-g58g-82mw-9m3p", discovery: "UNKNOWN", }, title: "RabbitMQ has XSS Vulnerability in an Error Message in Management UI", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2025-30219", datePublished: "2025-03-25T22:55:35.539Z", dateReserved: "2025-03-18T18:15:13.850Z", dateUpdated: "2025-03-26T13:43:18.250Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46118
Vulnerability from cvelistv5
Published
2023-10-24 23:27
Modified
2025-02-13 17:14
Severity ?
EPSS score ?
Summary
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rabbitmq | rabbitmq-server |
Version: < 3.12.7 Version: < 3.11.24 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:37:39.445Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5571", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "rabbitmq-server", vendor: "rabbitmq", versions: [ { status: "affected", version: "< 3.12.7", }, { status: "affected", version: "< 3.11.24", }, ], }, ], descriptions: [ { lang: "en", value: "RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an \"out-of-memory killer\"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-14T00:06:21.527Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg", }, { url: "https://www.debian.org/security/2023/dsa-5571", }, { url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00009.html", }, ], source: { advisory: "GHSA-w6cq-9cf4-gqpg", discovery: "UNKNOWN", }, title: "Denial of Service by publishing large messages over the HTTP API", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-46118", datePublished: "2023-10-24T23:27:06.952Z", dateReserved: "2023-10-16T17:51:35.571Z", dateUpdated: "2025-02-13T17:14:16.640Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }