AVG-322 log
| Package | rabbitmq |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 3.6.8-1 |
| Fixed | 3.6.9-1 |
| Current | 4.2.0-1 [extra] |
| Ticket | None |
| Created | Thu Jun 22 14:26:54 2017 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-4967 | Medium | Yes | Cross-site scripting | It has been discovered that several forms in the RabbitMQ management UI are vulnerable to XSS attacks. |
| CVE-2017-4966 | Medium | No | Information disclosure | It has been discovered that the RabbitMQ management UI stores signed- in user credentials in a browser's local storage without expiration, making it... |
| CVE-2017-4965 | Medium | Yes | Cross-site scripting | It has been discovered that several forms in the RabbitMQ management UI are vulnerable to XSS attacks. |
| References |
|---|
https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_9 |