CVE-2021-32719 | AVG-2109 | Low | Yes | Cross-site scripting | In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the rabbitmq_federation_management... |
CVE-2021-32718 | AVG-2109 | Low | Yes | Cross-site scripting | In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message... |
CVE-2021-22117 | AVG-1967 | Medium | No | Arbitrary code execution | RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local... |
CVE-2021-22116 | AVG-1966 | Medium | Yes | Denial of service | RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection... |
CVE-2017-4967 | AVG-322 | Medium | Yes | Cross-site scripting | It has been discovered that several forms in the RabbitMQ management UI are vulnerable to XSS attacks. |
CVE-2017-4966 | AVG-322 | Medium | No | Information disclosure | It has been discovered that the RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it... |
CVE-2017-4965 | AVG-322 | Medium | Yes | Cross-site scripting | It has been discovered that several forms in the RabbitMQ management UI are vulnerable to XSS attacks. |