CVE-2020-5419
6.7
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| VMware Tanzu | RabbitMQ | 3.7 < 3.7.28 | affected |
| VMware Tanzu | RabbitMQ | 3.8 < 3.8.7 | affected |
Weaknesses
- CWE-427: CWE-427: Uncontrolled Search Path Element
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.