CVSSv2: 3.5

CVE-2021-32719

Published: 28/06/2021 Updated: 02/07/2021
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](www.rabbitmq.com/cli.html) instead.

Vulnerable Products

vmware rabbitmq

Vendor Advisories

Synopsis Low: Red Hat OpenStack Platform 16.2.4 (rabbitmq-server) security update Type/Severity Security Advisory: Low Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for rabbitmq-server is now available for Red Hat OpenStack Platform 16.2.4 (Train) for R ...
Debian Bug report logs - #990524 rabbitmq-server: CVE-2021-32719 CVE-2021-32718 Package: src:rabbitmq-server; Maintainer for src:rabbitmq-server is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Thu, 1 Jul 2021 11:24:04 UTC Severity: important Tags: secur ...
In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the rabbitmq_federation_management plugin, its consumer tag was rendered without proper <script> tag sanitization, potentially allowing for JavaScript code execution in the context of the page. As a workaround, disable the rabbi ...