Skip to main content

Rabbitmq CVE-2019-11281

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2019-10-16 security@pivotal.io
4.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 16, 2019 - 16:15 nvd
MEDIUM 4.8

DescriptionNVD

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information.

AnalysisAI

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information. Affected products include: Pivotal Software Rabbitmq, Redhat Openstack, Redhat Openstack For Ibm Power, Debian Debian Linux, Fedoraproject Fedora. Version information: prior to 1.15.13.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2019-11287 HIGH POC
7.5 Nov 23

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x ver

CVE-2016-9877 CRITICAL
9.8 Dec 29

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.

CVE-2021-32718 MEDIUM POC
5.4 Jun 28

RabbitMQ is a multi-protocol messaging broker. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploita

CVE-2021-32719 MEDIUM POC
4.8 Jun 28

RabbitMQ is a multi-protocol messaging broker. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploita

CVE-2017-4966 HIGH
7.8 Jun 13

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions p

CVE-2019-3800 HIGH
7.8 Aug 05

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when th

CVE-2016-0929 HIGH
7.5 Sep 18

The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of fa

CVE-2021-22116 HIGH
7.5 Jun 08

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in

CVE-2015-8786 MEDIUM
6.5 Dec 09

The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a deni

CVE-2020-5419 MEDIUM
6.7 Aug 31

RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allow

CVE-2018-1279 MEDIUM
6.5 Dec 10

Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines wh

CVE-2017-4965 MEDIUM
6.1 Jun 13

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions p

Share

CVE-2019-11281 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy