Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x before 1.15.13, versions 1.16.x before 1.16.6, and versions 1.17.x before 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pivotal software rabbitmq |
||
debian debian linux 9.0 |
||
fedoraproject fedora 30 |
||
fedoraproject fedora 31 |
||
redhat openstack 15 |
||
redhat openstack for ibm power 15 |