Skip to main content

Rabbitmq

17 CVEs product

Monthly

CVE-2021-32719 MEDIUM POC PATCH This Month

RabbitMQ is a multi-protocol messaging broker. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Rabbitmq
NVD GitHub
CVSS 3.1
4.8
EPSS
1.4%
CVE-2021-32718 MEDIUM POC PATCH This Month

RabbitMQ is a multi-protocol messaging broker. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Grafana RCE XSS Rabbitmq
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2021-22116 HIGH This Week

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rabbitmq Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-5419 MEDIUM This Month

RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Rabbitmq Server Rabbitmq
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-11287 HIGH POC This Week

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Rabbitmq Server Rabbitmq Fedora Openstack +1
NVD GitHub
CVSS 3.1
7.5
EPSS
4.5%
CVE-2019-11291 MEDIUM This Month

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rabbitmq Server Rabbitmq Openstack
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2019-11281 MEDIUM This Month

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rabbitmq Openstack Openstack For Ibm Power Debian Linux +1
NVD
CVSS 3.1
4.8
EPSS
1.2%
CVE-2019-3800 HIGH This Week

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Command Line Interface Cloud Foundry Command Line Interface Release Cloud Foundry Deployment Cloud Foundry Deployment Concourse Tasks +42
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-1279 MEDIUM This Month

Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rabbitmq
NVD
CVSS 3.0
6.5
EPSS
1.8%
CVE-2017-4967 MEDIUM This Month

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rabbitmq Server Rabbitmq Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2017-4966 HIGH This Week

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Rabbitmq Server Rabbitmq Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2017-4965 MEDIUM This Month

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rabbitmq Server Rabbitmq Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2016-9877 CRITICAL Act Now

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rabbitmq Server Rabbitmq
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-8786 MEDIUM PATCH This Month

The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Solaris Rabbitmq
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2016-0929 HIGH This Week

The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rabbitmq
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2014-9568 LOW Monitor

puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Rabbitmq
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-9494 MEDIUM This Month

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Rabbitmq
NVD
CVSS 2.0
5.0
EPSS
0.4%
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

RabbitMQ is a multi-protocol messaging broker. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Rabbitmq
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

RabbitMQ is a multi-protocol messaging broker. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Grafana RCE XSS +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rabbitmq Debian Linux
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Rabbitmq Server +1
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Rabbitmq Server Rabbitmq +3
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM This Month

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rabbitmq Server Rabbitmq +1
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rabbitmq Openstack +3
NVD
EPSS 2% CVSS 7.8
HIGH This Week

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Command Line Interface Cloud Foundry Command Line Interface Release +44
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rabbitmq
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rabbitmq Server Rabbitmq +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Rabbitmq Server Rabbitmq +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rabbitmq Server Rabbitmq +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rabbitmq Server Rabbitmq
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Solaris Rabbitmq
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rabbitmq
NVD
EPSS 0% CVSS 2.1
LOW Monitor

puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Rabbitmq
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Rabbitmq
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy