CVE-2020-5419

Summary

RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
VMware TanzuRabbitMQ3.7 < 3.7.28affected
VMware TanzuRabbitMQ3.8 < 3.8.7affected

Weaknesses

  • CWE-427: CWE-427: Uncontrolled Search Path Element

ADP Enrichment

CVE Program Container

Additional References

References