// For flags

CVE-2019-11291

RabbitMQ XSS attack via federation and shovel endpoints

Severity Score

4.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.

Pivotal RabbitMQ, versiones 3.7 anteriores a v3.7.20 y versiones 3.8 anteriores a v3.8.1, y RabbitMQ para PCF, versiones 1.16.x anteriores a 1.16.7 y versiones 1.17.x anteriores a 1.17.4, contienen dos endpoints, federation y shovel, que no sanean apropiadamente la entrada de usuario. Un usuario malicioso autenticado remoto con acceso administrativo podría crear un ataque de tipo cross site scripting por medio de los campos vhost o node name, lo que podría otorgar acceso a los hosts virtuales e información de administración de políticas.

A flaw was discovered in rabbitmq-server where two endpoints, federation and shovel, do not properly sanitize user input. A remote, authenticated user, with administrative access, could execute a cross site scripting attack, using the vhost or node name fields, that could grant access to virtual hosts and policy management information. The largest threat associated with this vulnerability is to data confidentiality and integrity.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-04-18 CVE Reserved
  • 2019-11-22 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vmware
Search vendor "Vmware"
 Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
 >= 1.16.0 < 1.16.7
Search vendor "Vmware" for product "Rabbitmq" and version " >= 1.16.0 < 1.16.7"
pivotal_cloud_foundry
Affected
Vmware
Search vendor "Vmware"
 Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
 >= 1.17.0 < 1.17.4
Search vendor "Vmware" for product "Rabbitmq" and version " >= 1.17.0 < 1.17.4"
pivotal_cloud_foundry
Affected
Vmware
Search vendor "Vmware"
 Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
 >= 3.7.0 < 3.7.20
Search vendor "Vmware" for product "Rabbitmq" and version " >= 3.7.0 < 3.7.20"
-
Affected
Vmware
Search vendor "Vmware"
 Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
 3.8.0
Search vendor "Vmware" for product "Rabbitmq" and version "3.8.0"
-
Affected
Redhat
Search vendor "Redhat"
 Openstack
Search vendor "Redhat" for product "Openstack"
 15
Search vendor "Redhat" for product "Openstack" and version "15"
-
Affected