CVE-2021-32719

CWE-80CWE-79Cross-site Scripting (XSS)7 documents6 sources
Severity
4.8MEDIUM
EPSS
0.1%
top 69.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Rabbitmq Rabbitmq-serverVmware Rabbitmq
Timeline
PublishedJun 28
Latest updateDec 9

Description

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:NExploitability: 0.5 | Impact: 2.5

Affected Packages3 packages

CVEListV5rabbitmq/rabbitmq-server< 3.8.18
Debianrabbitmq-server< 3.9.4-1+2
NVDvmware/rabbitmq< 3.8.18

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
rabbitmq-server vulnerabilities2024-12-09
OSV
CVE-2021-32719: RabbitMQ is a multi-protocol messaging broker2021-06-28
CVEList
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ federation management plugin2021-06-28

📋Vendor Advisories

3
Ubuntu
RabbitMQ Server vulnerabilities2024-12-09
Red Hat
rabbitmq-server: improper neutralization of script-related HTML tags in a web page (basic XSS) in federation management plugin2021-06-19
Debian
CVE-2021-32719: rabbitmq-server - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to versi...2021