CVE-2019-11281

Summary

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information.

Affected Software

VendorProductVersion RangeStatus
PivotalRabbitMQprior to v3.7.18affected
PivotalRabbitMQ for PCF1.15.x prior to 1.15.13affected
PivotalRabbitMQ for PCF11.16.x prior to 1.16.6affected
PivotalRabbitMQ for PCF1.17.x prior to 1.17.3affected

Weaknesses

  • CWE-79: CWE-79: Cross-site Scripting (XSS) - Generic

ADP Enrichment

CVE Program Container

Additional References

References