CVE-2019-11291

Published: 22/11/2019 Updated: 01/07/2022
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 versions prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions before 1.16.7 and 1.17.x versions before 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross-site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.

Vulnerable Product

vmware rabbitmq

vmware rabbitmq 3.8.0

redhat openstack 15

Vendor Advisories

Synopsis: Low: rabbitmq-server security update. Type/Severity: Security Advisory: Low. Topic: An update for rabbitmq-server is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base ...
Debian Bug report logs - #945601 rabbitmq-server: CVE-2019-11291. Package: src:rabbitmq-server; Maintainer for src:rabbitmq-server is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 27 Nov 2019 19:54:02 UTC; Severity: important; Tags: security, upstr ...