CVE-2021-32718

Published: 28/06/2021 Updated: 10/12/2021
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, adding a new user via the management UI could lead to the user's name being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing JavaScript code execution in the context of the page (stored/reflected XSS in the management UI). For this to occur, the attacker must already be signed in and hold elevated permissions (management of other users), which is why the impact is rated low. The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable the `rabbitmq_management` plugin and use the CLI tools for management operations, with Prometheus and Grafana for metrics and monitoring.

Affected Products

vmware rabbitmq

Vendor Advisories

Debian Bug report logs - #990524 rabbitmq-server: CVE-2021-32719 CVE-2021-32718 Package: src:rabbitmq-server; Maintainer for src:rabbitmq-server is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org> Date: Thu, 1 Jul 2021 11:24:04 UTC Severity: important Tags: secur ...
Synopsis Low: Red Hat OpenStack Platform 16.1.9 (rabbitmq-server) security update Type/Severity Security Advisory: Low Topic An update for rabbitmq-server is now available for Red Hat OpenStack Platform 16.1.9 (Train) for R ...
Synopsis Low: Red Hat OpenStack Platform 16.2.4 (rabbitmq-server) security update Type/Severity Security Advisory: Low Topic An update for rabbitmq-server is now available for Red Hat OpenStack Platform 16.2.4 (Train) for R ...
In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper <script> tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have ele ...

Mailing Lists

Full Disclosure mailing list archives: usd AG Security Advisories 11/2021 From: Responsible Disclosure ...