cvelistv5 - CVE-2019-11291

CVE-2019-11291 (GCVE-0-2019-11291)

Vulnerability from cvelistv5 – Published: 2019-11-22 22:56 – Updated: 2024-09-17 00:31

Summary

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.

Severity ?

3.1 (Low)


                        
                          CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N

CWE

CWE-79 - Cross-site Scripting (XSS) - Generic

Assigner

pivotal

References

URL

Tags

	https://pivotal.io/security/cve-2019-11291	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2020:0553	vendor-advisoryx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Pivotal

RabbitMQ

Affected: 3.8 , < v3.8.1 (custom)
Affected: 3.7 , < v3.7.20 (custom)

Pivotal

RabbitMQ for Pivotal Platform

Affected: 1.17 , < 1.17.4 (custom)
Affected: 1.16 , < 1.16.7 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:48:09.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2019-11291"
          },
          {
            "name": "RHSA-2020:0553",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0553"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RabbitMQ",
          "vendor": "Pivotal",
          "versions": [
            {
              "lessThan": "v3.8.1",
              "status": "affected",
              "version": "3.8",
              "versionType": "custom"
            },
            {
              "lessThan": "v3.7.20",
              "status": "affected",
              "version": "3.7",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "RabbitMQ for Pivotal Platform",
          "vendor": "Pivotal",
          "versions": [
            {
              "lessThan": "1.17.4",
              "status": "affected",
              "version": "1.17",
              "versionType": "custom"
            },
            {
              "lessThan": "1.16.7",
              "status": "affected",
              "version": "1.16",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Cross-site Scripting (XSS) - Generic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-19T18:06:05",
        "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "shortName": "pivotal"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2019-11291"
        },
        {
          "name": "RHSA-2020:0553",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0553"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "RabbitMQ XSS attack via federation and shovel endpoints",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@pivotal.io",
          "DATE_PUBLIC": "2019-11-22T20:37:00.000Z",
          "ID": "CVE-2019-11291",
          "STATE": "PUBLIC",
          "TITLE": "RabbitMQ XSS attack via federation and shovel endpoints"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RabbitMQ",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "3.8",
                            "version_value": "v3.8.1"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "3.7",
                            "version_value": "v3.7.20"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RabbitMQ for Pivotal Platform",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "1.17",
                            "version_value": "1.17.4"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "1.16",
                            "version_value": "1.16.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79: Cross-site Scripting (XSS) - Generic"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2019-11291",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2019-11291"
            },
            {
              "name": "RHSA-2020:0553",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0553"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
    "assignerShortName": "pivotal",
    "cveId": "CVE-2019-11291",
    "datePublished": "2019-11-22T22:56:08.641103Z",
    "dateReserved": "2019-04-18T00:00:00",
    "dateUpdated": "2024-09-17T00:31:38.392Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionStartIncluding\": \"1.16.0\", \"versionEndExcluding\": \"1.16.7\", \"matchCriteriaId\": \"71FA6D1D-DDA6-46C0-A865-F44DC00E5208\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*\", \"versionStartIncluding\": \"1.17.0\", \"versionEndExcluding\": \"1.17.4\", \"matchCriteriaId\": \"093C3B60-6AB4-467C-90D9-3B086057D9BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.7.0\", \"versionEndExcluding\": \"3.7.20\", \"matchCriteriaId\": \"722B687D-DBAD-4CB6-B083-8F022AE0FDE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EAC5C4F-ED4B-4927-AAD3-19A48C10CC21\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70108B60-8817-40B4-8412-796A592E4E5E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.\"}, {\"lang\": \"es\", \"value\": \"Pivotal RabbitMQ, versiones 3.7 anteriores a v3.7.20 y versiones 3.8 anteriores a v3.8.1, y RabbitMQ para PCF, versiones 1.16.x anteriores a 1.16.7 y versiones 1.17.x anteriores a 1.17.4, contienen dos endpoints, federation y shovel, que no sanean apropiadamente la entrada de usuario. Un usuario malicioso autenticado remoto con acceso administrativo podr\\u00eda crear un ataque de tipo cross site scripting por medio de los campos vhost o node name, lo que podr\\u00eda otorgar acceso a los hosts virtuales e informaci\\u00f3n de administraci\\u00f3n de pol\\u00edticas.\"}]",
      "evaluatorComment": "A remote authenticated malicious user with administrative access",
      "id": "CVE-2019-11291",
      "lastModified": "2024-11-21T04:20:51.783",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.7, \"impactScore\": 2.7}], \"cvssMetricV30\": [{\"source\": \"security@pivotal.io\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N\", \"baseScore\": 3.1, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.5, \"impactScore\": 2.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-11-22T23:15:11.270",
      "references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2020:0553\", \"source\": \"security@pivotal.io\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://pivotal.io/security/cve-2019-11291\", \"source\": \"security@pivotal.io\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0553\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://pivotal.io/security/cve-2019-11291\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@pivotal.io",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@pivotal.io\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-11291\",\"sourceIdentifier\":\"security@pivotal.io\",\"published\":\"2019-11-22T23:15:11.270\",\"lastModified\":\"2025-04-02T14:13:43.180\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.\"},{\"lang\":\"es\",\"value\":\"Pivotal RabbitMQ, versiones 3.7 anteriores a v3.7.20 y versiones 3.8 anteriores a v3.8.1, y RabbitMQ para PCF, versiones 1.16.x anteriores a 1.16.7 y versiones 1.17.x anteriores a 1.17.4, contienen dos endpoints, federation y shovel, que no sanean apropiadamente la entrada de usuario. Un usuario malicioso autenticado remoto con acceso administrativo podr\u00eda crear un ataque de tipo cross site scripting por medio de los campos vhost o node name, lo que podr\u00eda otorgar acceso a los hosts virtuales e informaci\u00f3n de administraci\u00f3n de pol\u00edticas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}],\"cvssMetricV30\":[{\"source\":\"security@pivotal.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N\",\"baseScore\":3.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.5,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security@pivotal.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.7.0\",\"versionEndExcluding\":\"3.7.20\",\"matchCriteriaId\":\"006D7A70-6A3E-4B32-9B74-DD5C017E8908\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A7ACF90-B09B-4A3D-9823-891807C7AC6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionStartIncluding\":\"1.16.0\",\"versionEndExcluding\":\"1.16.7\",\"matchCriteriaId\":\"71FA6D1D-DDA6-46C0-A865-F44DC00E5208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*\",\"versionStartIncluding\":\"1.17.0\",\"versionEndExcluding\":\"1.17.4\",\"matchCriteriaId\":\"093C3B60-6AB4-467C-90D9-3B086057D9BA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70108B60-8817-40B4-8412-796A592E4E5E\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0553\",\"source\":\"security@pivotal.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://pivotal.io/security/cve-2019-11291\",\"source\":\"security@pivotal.io\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0553\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://pivotal.io/security/cve-2019-11291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}],\"evaluatorComment\":\"A remote authenticated malicious user with administrative access\"}}"
  }
}

RHSA-2020_0553

Vulnerability from csaf_redhat - Published: 2020-02-19 16:04 - Updated: 2024-11-22 14:23

Summary

Red Hat Security Advisory: rabbitmq-server security update

Notes

Topic

An update for rabbitmq-server is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

Details

RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Security Fix(es): * not properly sanitized user input may lead to XSS (CVE-2019-11291) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for rabbitmq-server is now available for Red Hat OpenStack\nPlatform 15 (Stein).\n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "RabbitMQ is an implementation of AMQP, the emerging standard for high\nperformance enterprise messaging. The RabbitMQ server is a robust and\nscalable implementation of an AMQP broker.\n\nSecurity Fix(es):\n\n* not properly sanitized user input may lead to XSS (CVE-2019-11291)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:0553",
        "url": "https://access.redhat.com/errata/RHSA-2020:0553"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "1783327",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783327"
      },
      {
        "category": "external",
        "summary": "1786326",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786326"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0553.json"
      }
    ],
    "title": "Red Hat Security Advisory: rabbitmq-server security update",
    "tracking": {
      "current_release_date": "2024-11-22T14:23:54+00:00",
      "generator": {
        "date": "2024-11-22T14:23:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2020:0553",
      "initial_release_date": "2020-02-19T16:04:23+00:00",
      "revision_history": [
        {
          "date": "2020-02-19T16:04:23+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-02-19T16:04:23+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T14:23:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenStack Platform 15.0",
                "product": {
                  "name": "Red Hat OpenStack Platform 15.0",
                  "product_id": "8Base-RHOS-15.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:15::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rabbitmq-server-0:3.7.23-2.el8ost.ppc64le",
                "product": {
                  "name": "rabbitmq-server-0:3.7.23-2.el8ost.ppc64le",
                  "product_id": "rabbitmq-server-0:3.7.23-2.el8ost.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rabbitmq-server@3.7.23-2.el8ost?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rabbitmq-server-0:3.7.23-2.el8ost.x86_64",
                "product": {
                  "name": "rabbitmq-server-0:3.7.23-2.el8ost.x86_64",
                  "product_id": "rabbitmq-server-0:3.7.23-2.el8ost.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rabbitmq-server@3.7.23-2.el8ost?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rabbitmq-server-0:3.7.23-2.el8ost.src",
                "product": {
                  "name": "rabbitmq-server-0:3.7.23-2.el8ost.src",
                  "product_id": "rabbitmq-server-0:3.7.23-2.el8ost.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rabbitmq-server@3.7.23-2.el8ost?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rabbitmq-server-0:3.7.23-2.el8ost.ppc64le as a component of Red Hat OpenStack Platform 15.0",
          "product_id": "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.ppc64le"
        },
        "product_reference": "rabbitmq-server-0:3.7.23-2.el8ost.ppc64le",
        "relates_to_product_reference": "8Base-RHOS-15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rabbitmq-server-0:3.7.23-2.el8ost.src as a component of Red Hat OpenStack Platform 15.0",
          "product_id": "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.src"
        },
        "product_reference": "rabbitmq-server-0:3.7.23-2.el8ost.src",
        "relates_to_product_reference": "8Base-RHOS-15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rabbitmq-server-0:3.7.23-2.el8ost.x86_64 as a component of Red Hat OpenStack Platform 15.0",
          "product_id": "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.x86_64"
        },
        "product_reference": "rabbitmq-server-0:3.7.23-2.el8ost.x86_64",
        "relates_to_product_reference": "8Base-RHOS-15.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-11291",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2019-12-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1783327"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was discovered in rabbitmq-server where two endpoints, federation and shovel, do not properly sanitize user input. A remote, authenticated user, with administrative access, could execute a cross site scripting attack, using the vhost or node name fields, that could grant access to virtual hosts and policy management information. The largest threat associated with this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rabbitmq-server: not properly sanitized user input may lead to XSS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.ppc64le",
          "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.src",
          "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-11291"
        },
        {
          "category": "external",
          "summary": "RHBZ#1783327",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783327"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-11291"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11291",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11291"
        },
        {
          "category": "external",
          "summary": "https://pivotal.io/security/cve-2019-11291",
          "url": "https://pivotal.io/security/cve-2019-11291"
        }
      ],
      "release_date": "2019-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-02-19T16:04:23+00:00",
          "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.ppc64le",
            "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.src",
            "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:0553"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.ppc64le",
            "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.src",
            "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "rabbitmq-server: not properly sanitized user input may lead to XSS"
    }
  ]
}

RHSA-2020:0553

Vulnerability from csaf_redhat - Published: 2020-02-19 16:04 - Updated: 2025-11-21 18:12

Summary

Red Hat Security Advisory: rabbitmq-server security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for rabbitmq-server is now available for Red Hat OpenStack\nPlatform 15 (Stein).\n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "RabbitMQ is an implementation of AMQP, the emerging standard for high\nperformance enterprise messaging. The RabbitMQ server is a robust and\nscalable implementation of an AMQP broker.\n\nSecurity Fix(es):\n\n* not properly sanitized user input may lead to XSS (CVE-2019-11291)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:0553",
        "url": "https://access.redhat.com/errata/RHSA-2020:0553"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "1783327",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783327"
      },
      {
        "category": "external",
        "summary": "1786326",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1786326"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0553.json"
      }
    ],
    "title": "Red Hat Security Advisory: rabbitmq-server security update",
    "tracking": {
      "current_release_date": "2025-11-21T18:12:17+00:00",
      "generator": {
        "date": "2025-11-21T18:12:17+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2020:0553",
      "initial_release_date": "2020-02-19T16:04:23+00:00",
      "revision_history": [
        {
          "date": "2020-02-19T16:04:23+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-02-19T16:04:23+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:12:17+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenStack Platform 15.0",
                "product": {
                  "name": "Red Hat OpenStack Platform 15.0",
                  "product_id": "8Base-RHOS-15.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:15::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rabbitmq-server-0:3.7.23-2.el8ost.ppc64le",
                "product": {
                  "name": "rabbitmq-server-0:3.7.23-2.el8ost.ppc64le",
                  "product_id": "rabbitmq-server-0:3.7.23-2.el8ost.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rabbitmq-server@3.7.23-2.el8ost?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rabbitmq-server-0:3.7.23-2.el8ost.x86_64",
                "product": {
                  "name": "rabbitmq-server-0:3.7.23-2.el8ost.x86_64",
                  "product_id": "rabbitmq-server-0:3.7.23-2.el8ost.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rabbitmq-server@3.7.23-2.el8ost?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rabbitmq-server-0:3.7.23-2.el8ost.src",
                "product": {
                  "name": "rabbitmq-server-0:3.7.23-2.el8ost.src",
                  "product_id": "rabbitmq-server-0:3.7.23-2.el8ost.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rabbitmq-server@3.7.23-2.el8ost?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rabbitmq-server-0:3.7.23-2.el8ost.ppc64le as a component of Red Hat OpenStack Platform 15.0",
          "product_id": "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.ppc64le"
        },
        "product_reference": "rabbitmq-server-0:3.7.23-2.el8ost.ppc64le",
        "relates_to_product_reference": "8Base-RHOS-15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rabbitmq-server-0:3.7.23-2.el8ost.src as a component of Red Hat OpenStack Platform 15.0",
          "product_id": "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.src"
        },
        "product_reference": "rabbitmq-server-0:3.7.23-2.el8ost.src",
        "relates_to_product_reference": "8Base-RHOS-15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rabbitmq-server-0:3.7.23-2.el8ost.x86_64 as a component of Red Hat OpenStack Platform 15.0",
          "product_id": "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.x86_64"
        },
        "product_reference": "rabbitmq-server-0:3.7.23-2.el8ost.x86_64",
        "relates_to_product_reference": "8Base-RHOS-15.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-11291",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2019-12-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1783327"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was discovered in rabbitmq-server where two endpoints, federation and shovel, do not properly sanitize user input. A remote, authenticated user, with administrative access, could execute a cross site scripting attack, using the vhost or node name fields, that could grant access to virtual hosts and policy management information. The largest threat associated with this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rabbitmq-server: not properly sanitized user input may lead to XSS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.ppc64le",
          "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.src",
          "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-11291"
        },
        {
          "category": "external",
          "summary": "RHBZ#1783327",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783327"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-11291"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11291",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11291"
        },
        {
          "category": "external",
          "summary": "https://pivotal.io/security/cve-2019-11291",
          "url": "https://pivotal.io/security/cve-2019-11291"
        }
      ],
      "release_date": "2019-12-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-02-19T16:04:23+00:00",
          "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.ppc64le",
            "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.src",
            "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:0553"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.ppc64le",
            "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.src",
            "8Base-RHOS-15.0:rabbitmq-server-0:3.7.23-2.el8ost.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "rabbitmq-server: not properly sanitized user input may lead to XSS"
    }
  ]
}

CNVD-2019-45014

Vulnerability from cnvd - Published: 2019-12-12

Title

Pivotal Software RabbitMQ跨站脚本漏洞

Description

Pivotal Software RabbitMQ是美国Pivotal Software公司的一套实现了高级消息队列协议（AMQP）的开源消息代理软件。 Pivotal Software RabbitMQ中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

Severity

低

Patch Name

Pivotal Software RabbitMQ跨站脚本漏洞的补丁

Patch Description

Pivotal Software RabbitMQ是美国Pivotal Software公司的一套实现了高级消息队列协议（AMQP）的开源消息代理软件。 Pivotal Software RabbitMQ中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://pivotal.io/security/cve-2019-11291

Reference

https://pivotal.io/security/cve-2019-11291

Impacted products

Name
['Pivotal Software RabbitMQ 3.7(<3.7.20)', 'Pivotal Software RabbitMQ 3.8(<3.8.1)', 'Pivotal Software RabbitMQ for PCF 1.16.，<1.16.7', 'Pivotal Software RabbitMQ for PCF 1.17.，<1.17.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-11291"
    }
  },
  "description": "Pivotal Software RabbitMQ\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u5957\u5b9e\u73b0\u4e86\u9ad8\u7ea7\u6d88\u606f\u961f\u5217\u534f\u8bae\uff08AMQP\uff09\u7684\u5f00\u6e90\u6d88\u606f\u4ee3\u7406\u8f6f\u4ef6\u3002\n\nPivotal Software RabbitMQ\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u7f3a\u5c11\u5bf9\u5ba2\u6237\u7aef\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://pivotal.io/security/cve-2019-11291",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-45014",
  "openTime": "2019-12-12",
  "patchDescription": "Pivotal Software RabbitMQ\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u5957\u5b9e\u73b0\u4e86\u9ad8\u7ea7\u6d88\u606f\u961f\u5217\u534f\u8bae\uff08AMQP\uff09\u7684\u5f00\u6e90\u6d88\u606f\u4ee3\u7406\u8f6f\u4ef6\u3002\r\n\r\nPivotal Software RabbitMQ\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u7f3a\u5c11\u5bf9\u5ba2\u6237\u7aef\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Pivotal Software RabbitMQ\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Pivotal Software RabbitMQ 3.7(\u003c3.7.20)",
      "Pivotal Software RabbitMQ 3.8(\u003c3.8.1)",
      "Pivotal Software RabbitMQ for PCF 1.16.*\uff0c\u003c1.16.7",
      "Pivotal Software RabbitMQ for PCF 1.17.*\uff0c\u003c1.17.4"
    ]
  },
  "referenceLink": "https://pivotal.io/security/cve-2019-11291",
  "serverity": "\u4f4e",
  "submitTime": "2019-11-25",
  "title": "Pivotal Software RabbitMQ\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

FKIE_CVE-2019-11291

Vulnerability from fkie_nvd - Published: 2019-11-22 23:15 - Updated: 2025-04-02 14:13

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
security@pivotal.io	https://access.redhat.com/errata/RHSA-2020:0553	Third Party Advisory
security@pivotal.io	https://pivotal.io/security/cve-2019-11291	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2020:0553	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://pivotal.io/security/cve-2019-11291	Vendor Advisory

Impacted products

Vendor	Product	Version
broadcom	rabbitmq_server	*
broadcom	rabbitmq_server	3.8.0
vmware	rabbitmq	*
vmware	rabbitmq	*
redhat	openstack	15

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "006D7A70-6A3E-4B32-9B74-DD5C017E8908",
              "versionEndExcluding": "3.7.20",
              "versionStartIncluding": "3.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7ACF90-B09B-4A3D-9823-891807C7AC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*",
              "matchCriteriaId": "71FA6D1D-DDA6-46C0-A865-F44DC00E5208",
              "versionEndExcluding": "1.16.7",
              "versionStartIncluding": "1.16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*",
              "matchCriteriaId": "093C3B60-6AB4-467C-90D9-3B086057D9BA",
              "versionEndExcluding": "1.17.4",
              "versionStartIncluding": "1.17.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openstack:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "70108B60-8817-40B4-8412-796A592E4E5E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information."
    },
    {
      "lang": "es",
      "value": "Pivotal RabbitMQ, versiones 3.7 anteriores a v3.7.20 y versiones 3.8 anteriores a v3.8.1, y RabbitMQ para PCF, versiones 1.16.x anteriores a 1.16.7 y versiones 1.17.x anteriores a 1.17.4, contienen dos endpoints, federation y shovel, que no sanean apropiadamente la entrada de usuario. Un usuario malicioso autenticado remoto con acceso administrativo podr\u00eda crear un ataque de tipo cross site scripting por medio de los campos vhost o node name, lo que podr\u00eda otorgar acceso a los hosts virtuales e informaci\u00f3n de administraci\u00f3n de pol\u00edticas."
    }
  ],
  "evaluatorComment": "A remote authenticated malicious user with administrative access",
  "id": "CVE-2019-11291",
  "lastModified": "2025-04-02T14:13:43.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 2.5,
        "source": "security@pivotal.io",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-22T23:15:11.270",
  "references": [
    {
      "source": "security@pivotal.io",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0553"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2019-11291"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2019-11291"
    }
  ],
  "sourceIdentifier": "security@pivotal.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security@pivotal.io",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2019-11291

Vulnerability from gsd - Updated: 2023-12-13 01:24

Details

Aliases

CVE-2019-11291

Aliases

CVE-2019-11291

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-11291",
    "description": "Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.",
    "id": "GSD-2019-11291",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-11291.html",
      "https://access.redhat.com/errata/RHSA-2020:0553"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-11291"
      ],
      "details": "Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.",
      "id": "GSD-2019-11291",
      "modified": "2023-12-13T01:24:01.133953Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@pivotal.io",
        "DATE_PUBLIC": "2019-11-22T20:37:00.000Z",
        "ID": "CVE-2019-11291",
        "STATE": "PUBLIC",
        "TITLE": "RabbitMQ XSS attack via federation and shovel endpoints"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "RabbitMQ",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "version_name": "3.8",
                          "version_value": "v3.8.1"
                        },
                        {
                          "affected": "\u003c",
                          "version_name": "3.7",
                          "version_value": "v3.7.20"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "RabbitMQ for Pivotal Platform",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "version_name": "1.17",
                          "version_value": "1.17.4"
                        },
                        {
                          "affected": "\u003c",
                          "version_name": "1.16",
                          "version_value": "1.16.7"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Pivotal"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-79: Cross-site Scripting (XSS) - Generic"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://pivotal.io/security/cve-2019-11291",
            "refsource": "CONFIRM",
            "url": "https://pivotal.io/security/cve-2019-11291"
          },
          {
            "name": "RHSA-2020:0553",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2020:0553"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.16.7",
                "versionStartIncluding": "1.16.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.17.4",
                "versionStartIncluding": "1.17.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:rabbitmq:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.7.20",
                "versionStartIncluding": "3.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:rabbitmq:3.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openstack:15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@pivotal.io",
          "ID": "CVE-2019-11291"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2019-11291",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://pivotal.io/security/cve-2019-11291"
            },
            {
              "name": "RHSA-2020:0553",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0553"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.7,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2022-07-01T12:29Z",
      "publishedDate": "2019-11-22T23:15Z"
    }
  }
}

GHSA-9PF7-F47Q-MWPQ

Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-07-05 21:19

Summary

Cross-site Scripting in RabbitMQ

Details

Severity ?

3.5 (Low)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Hex",
        "name": "rabbit_common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.7.0"
            },
            {
              "fixed": "3.7.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Hex",
        "name": "rabbit_common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.8.0"
            },
            {
              "fixed": "3.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-11291"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-05T21:19:07Z",
    "nvd_published_at": "2019-11-22T23:15:00Z",
    "severity": "LOW"
  },
  "details": "Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.",
  "id": "GHSA-9pf7-f47q-mwpq",
  "modified": "2022-07-05T21:19:07Z",
  "published": "2022-05-24T17:01:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11291"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0553"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rabbitmq/rabbitmq-server"
    },
    {
      "type": "WEB",
      "url": "https://pivotal.io/security/cve-2019-11291"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cross-site Scripting in RabbitMQ"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-11291 (GCVE-0-2019-11291)

RHSA-2020_0553

RHSA-2020:0553

CNVD-2019-45014

FKIE_CVE-2019-11291

GSD-2019-11291

GHSA-9PF7-F47Q-MWPQ

Tags

Sightings

Nomenclature