
CVE-2017-4965
https://notcve.org/view.php?id=CVE-2017-4965
13 Jun 2017 — An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. • http://www.securityfocus.com/bid/98394 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-4966 – Ubuntu Security Notice USN-6265-1
https://notcve.org/view.php?id=CVE-2017-4966
13 Jun 2017 — An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. The RabbitMQ management UI stores signed-in user credentials in the browser's local storage without expiration, making it possible to retrieve them using a chained attack. • https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2016-9877 – Ubuntu Security Notice USN-3374-1
https://notcve.org/view.php?id=CVE-2016-9877
29 Dec 2016 — An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6, and in RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected. • http://www.debian.org/security/2017/dsa-3761 • CWE-284: Improper Access Control

CVE-2014-9494
https://notcve.org/view.php?id=CVE-2014-9494
20 Jan 2015 — RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwarded-For header. • http://seclists.org/oss-sec/2015/q1/30 • CWE-264: Permissions, Privileges, and Access Controls