CVE-2021-22117
https://notcve.org/view.php?id=CVE-2021-22117
RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. Los instaladores de RabbitMQ en Windows anterior a versión 3.8.16, no endurecen los permisos de los directorios de los plugins, permitiendo potencialmente a atacantes con suficientes permisos del sistema de archivos local añadir plugins arbitrarios • https://tanzu.vmware.com/security/cve-2021-22117 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2020-5419 – RabbitMQ arbitrary code execution using local binary planting
https://notcve.org/view.php?id=CVE-2020-5419
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code. RabbitMQ versiones 3.8.x anteriores a 3.8.7, son propensas a una vulnerabilidad de seguridad de plantación de binario específico de Windows que permite una ejecución de código arbitraria. Un atacante con privilegios de escritura en el directorio de instalación de RabbitMQ y acceso local en Windows podría llevar a cabo un ataque de secuestro (plantación) de binario local y ejecutar código arbitrario • https://tanzu.vmware.com/security/cve-2020-5419 • CWE-427: Uncontrolled Search Path Element •
CVE-2019-11287 – RabbitMQ Web Management Plugin DoS via heap overflow
https://notcve.org/view.php?id=CVE-2019-11287
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing. Pivotal RabbitMQ, versiones 3.7.x anteriores a 3.7.21 y versiones 3.8.x anteriores a 3.8.1, y RabbitMQ para Pivotal Platform, versiones 1.16.x anteriores a 1.16.7 y versiones 1.17.x versiones anteriores a 1.17.4, contienen un plugin de administración web que es vulnerable a un ataque de denegación de servicio. El encabezado "X-Reason" de HTTP puede ser aprovechado para insertar una cadena de formato Erlang maliciosa que expandirá y consumirá la pila, resultando en el bloqueo del servidor. A resource-consumption flaw was identified in the rabbitmq-server web management plugin. • https://access.redhat.com/errata/RHSA-2020:0078 https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4 https://pivotal.io/security/cve-2 • CWE-20: Improper Input Validation CWE-134: Use of Externally-Controlled Format String CWE-400: Uncontrolled Resource Consumption •
CVE-2019-11291 – RabbitMQ XSS attack via federation and shovel endpoints
https://notcve.org/view.php?id=CVE-2019-11291
Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information. Pivotal RabbitMQ, versiones 3.7 anteriores a v3.7.20 y versiones 3.8 anteriores a v3.8.1, y RabbitMQ para PCF, versiones 1.16.x anteriores a 1.16.7 y versiones 1.17.x anteriores a 1.17.4, contienen dos endpoints, federation y shovel, que no sanean apropiadamente la entrada de usuario. Un usuario malicioso autenticado remoto con acceso administrativo podría crear un ataque de tipo cross site scripting por medio de los campos vhost o node name, lo que podría otorgar acceso a los hosts virtuales e información de administración de políticas. A flaw was discovered in rabbitmq-server where two endpoints, federation and shovel, do not properly sanitize user input. • https://access.redhat.com/errata/RHSA-2020:0553 https://pivotal.io/security/cve-2019-11291 https://access.redhat.com/security/cve/CVE-2019-11291 https://bugzilla.redhat.com/show_bug.cgi?id=1783327 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-11087 – TLS validation error
https://notcve.org/view.php?id=CVE-2018-11087
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit. Pivotal Spring AMQP, en versiones 1.x anteriores a la 1.7.10 y versiones 2.x anteriores a la 2.0.6, expone una vulnerabilidad Man-in-the-Middle (MitM) debido a la falta de validación de nombres de host. Un usuario malicioso que pueda interceptar tráfico sería capaz de ver los datos en tránsito. • https://pivotal.io/security/cve-2018-11087 • CWE-295: Improper Certificate Validation •