AVG-322 log

Package rabbitmq
Status Fixed
Severity Medium
Type multiple issues
Affected 3.6.8-1
Fixed 3.6.9-1
Current 3.12.10-1 [extra]
Ticket None
Created Thu Jun 22 14:26:54 2017
Issue Severity Remote Type Description
CVE-2017-4967 Medium Yes Cross-site scripting
It has been discovered that several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
CVE-2017-4966 Medium No Information disclosure
It has been discovered that the RabbitMQ management UI stores signed- in user credentials in a browser's local storage without expiration, making it...
CVE-2017-4965 Medium Yes Cross-site scripting
It has been discovered that several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
References
https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_9