rabbitmq

Description Highly reliable and performant enterprise messaging implementation of AMQP written in Erlang/OTP
Version 3.8.22-1 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2109 | 3.8.16-1 | 3.8.19-1 | Low | Fixed | |
| AVG-1967 | 3.8.14-1 | | Medium | Not affected | |
| AVG-1966 | 3.8.14-1 | 3.8.16-1 | Medium | Fixed | |
| AVG-322 | 3.6.8-1 | 3.6.9-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-32719 | AVG-2109 | Low | Yes | Cross-site scripting | In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the rabbitmq_federation_management... |
| CVE-2021-32718 | AVG-2109 | Low | Yes | Cross-site scripting | In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message... |
| CVE-2021-22117 | AVG-1967 | Medium | No | Arbitrary code execution | RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local... |
| CVE-2021-22116 | AVG-1966 | Medium | Yes | Denial of service | RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection... |
| CVE-2017-4967 | AVG-322 | Medium | Yes | Cross-site scripting | It has been discovered that several forms in the RabbitMQ management UI are vulnerable to XSS attacks. |
| CVE-2017-4966 | AVG-322 | Medium | No | Information disclosure | It has been discovered that the RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it... |
| CVE-2017-4965 | AVG-322 | Medium | Yes | Cross-site scripting | It has been discovered that several forms in the RabbitMQ management UI are vulnerable to XSS attacks. |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 06 Jul 2021 | ASA-202107-17 | AVG-2109 | Low | cross-site scripting |
| 01 Jun 2021 | ASA-202106-17 | AVG-1966 | Medium | denial of service |