AVG-322 log
Package | rabbitmq |
Status | Fixed |
Severity | Medium |
Type | multiple issues |
Affected | 3.6.8-1 |
Fixed | 3.6.9-1 |
Current | 3.12.10-1 [extra] |
Ticket | None |
Created | Thu Jun 22 14:26:54 2017 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2017-4967 | Medium | Yes | Cross-site scripting | It has been discovered that several forms in the RabbitMQ management UI are vulnerable to XSS attacks. |
CVE-2017-4966 | Medium | No | Information disclosure | It has been discovered that the RabbitMQ management UI stores signed- in user credentials in a browser's local storage without expiration, making it... |
CVE-2017-4965 | Medium | Yes | Cross-site scripting | It has been discovered that several forms in the RabbitMQ management UI are vulnerable to XSS attacks. |
References |
---|
https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_9 |