CVE-2021-22117

Summary

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.

Affected Software

VendorProductVersion RangeStatus
n/aRabbitMQRabbitMQ Windows installers prior to version 3.8.16affected

Weaknesses

  • CWE-94: CWE-94: Improper Control of Generation of Code

ADP Enrichment

CVE Program Container

Additional References

References