CVE-2020-5419

CWE-427
4 documents, 4 sources

Severity: 6.7 MEDIUM
EPSS: 0.1% (top 78.49%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Aug 31
Latest update: May 24

Description

RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5 | vmware_tanzu/rabbitmq | 3.7 | 3.7.28 | +1
NVD | broadcom/rabbitmq_server | 3.8.0 | 3.8.7

🔴 Vulnerability Details (2)

GHSA | GHSA-82gq-g626-8g5r: RabbitMQ versions 3 | 2022-05-24
CVEList | RabbitMQ arbitrary code execution using local binary planting | 2020-08-31

📋 Vendor Advisories (1)

Debian | CVE-2020-5419: rabbitmq-server - RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary pl... | 2020
CVE-2020-5419 (MEDIUM CVSS 6.7) | RabbitMQ versions 3.8.x prior to 3. | cvebase.io