The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x prior to 1.6.4 logs command lines of failed commands, which might allow context-dependent malicious users to obtain sensitive information by reading the log data, as demonstrated by a syslog message that contains credentials from a command line.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pivotal software rabbitmq 1.6.0 |
||
pivotal software rabbitmq 1.6.1 |
||
pivotal software rabbitmq 1.6.2 |
||
pivotal software rabbitmq 1.6.3 |