CVE-2021-22117 log
| Source |
|
| Severity | Medium |
| Remote | No |
| Type | Arbitrary code execution |
| Description | RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. A malicious actor can execute arbitrary code on the running RabbitMQ server by adding arbitrary plugins. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1967 | rabbitmq | 3.8.14-1 | Medium | Not affected |
| References |
|---|
https://tanzu.vmware.com/security/cve-2021-22117 |