rabbitmq

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Highly reliable and performant enterprise messaging implementation of AMQP written in Erlang/OTP
Version	3.12.10-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2109	3.8.16-1	3.8.19-1	Low	Fixed
AVG-1967	3.8.14-1		Medium	Not affected
AVG-1966	3.8.14-1	3.8.16-1	Medium	Fixed
AVG-322	3.6.8-1	3.6.9-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-32719	AVG-2109	Low	Yes	Cross-site scripting	In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the rabbitmq_federation_management...
CVE-2021-32718	AVG-2109	Low	Yes	Cross-site scripting	In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message...
CVE-2021-22117	AVG-1967	Medium	No	Arbitrary code execution	RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local...
CVE-2021-22116	AVG-1966	Medium	Yes	Denial of service	RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection...
CVE-2017-4967	AVG-322	Medium	Yes	Cross-site scripting	It has been discovered that several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
CVE-2017-4966	AVG-322	Medium	No	Information disclosure	It has been discovered that the RabbitMQ management UI stores signed- in user credentials in a browser's local storage without expiration, making it...
CVE-2017-4965	AVG-322	Medium	Yes	Cross-site scripting	It has been discovered that several forms in the RabbitMQ management UI are vulnerable to XSS attacks.

Advisories

Date	Advisory	Group	Severity	Type
06 Jul 2021	ASA-202107-17	AVG-2109	Low	cross-site scripting
01 Jun 2021	ASA-202106-17	AVG-1966	Medium	denial of service