Severity: 7.8 HIGH
EPSS: 0.1% (top 71.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 18
Latest update: May 24

Description

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

NVD | broadcom/rabbitmq_server | 3.8.0 | 3.8.16
CVEListV5 | rabbitmq | RabbitMQ Windows installers prior to version 3.8.16

🔴 Vulnerability Details (2)

GHSA | GHSA-rwr9-36p6-24vw: RabbitMQ installers on Windows prior to version 3 | 2022-05-24
CVEList | CVE-2021-22117: RabbitMQ installers on Windows prior to version 3 | 2021-05-18

📋 Vendor Advisories (1)

Debian | CVE-2021-22117: rabbitmq-server - RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin dire... | 2021
CVE-2021-22117 (HIGH CVSS 7.8) | RabbitMQ installers on Windows prio | cvebase.io