Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rabbitmq vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2021-22117
RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.
Vmware Rabbitmq
NA
CVE-2022-31008
RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of ce...
Vmware Rabbitmq
3.5
CVSSv2
CVE-2021-32718
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing f...
Vmware Rabbitmq
3.5
CVSSv2
CVE-2021-32719
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitizat...
Vmware Rabbitmq
NA
CVE-2023-24447
A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and previous versions allows malicious users to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.
Jenkins Rabbitmq Consumer
NA
CVE-2023-24448
A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.
Jenkins Rabbitmq Consumer
7.5
CVSSv2
CVE-2020-36282
JMS Client for RabbitMQ 1.x prior to 1.15.2 and 2.x prior to 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data.
Rabbitmq Jms Client
5
CVSSv2
CVE-2014-9494
RabbitMQ prior to 3.4.0 allows remote malicious users to bypass the loopback_users restriction via a crafted X-Forwareded-For header.
Pivotal Software Rabbitmq
3.3
CVSSv2
CVE-2018-1279
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to...
Pivotal Software Rabbitmq
1 Github repository
3.5
CVSSv2
CVE-2015-0862
Multiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin prior to 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) message details when a message is unqueued, such as headers or arguments; ...
Pivotal Software Rabbitmq Management
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »