VMware RabbitMQ vulnerabilities

6 known vulnerabilities affecting vmware/rabbitmq.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH: 2, MEDIUM: 4

Vulnerabilities

CVE-2023-46118
Severity: MEDIUM (CVSS 4.9)
Versions: fixed in 3.11.24; ≥ 3.12.0, < 3.12.7
Date: 2023-10-25
Details [MEDIUM] CWE-400: RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish very large messages over the HTTP API and cause the target node to be terminated by an "out-of
Source: nvd
CVE-2022-31008
Severity: HIGH (CVSS 7.5)
Versions: fixed in 3.8.32
Date: 2022-10-06
Details [MEDIUM] CWE-330: RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably e
Source: nvd
CVE-2021-32719
Severity: MEDIUM (CVSS 4.8)
Versions: fixed in 3.8.18
Date: 2021-06-28
Details [LOW] CWE-80: RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The
Source: nvd
CVE-2021-32718
Severity: MEDIUM (CVSS 5.4)
Versions: fixed in 3.8.17
Date: 2021-06-28
Details [LOW] CWE-80: RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper `` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user
Source: nvd
CVE-2021-22116
Severity: HIGH (CVSS 7.5)
Versions: fixed in 3.8.16
Date: 2021-06-08
Details [HIGH] CWE-400: RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
Source: nvd
CVE-2019-11291
Severity: MEDIUM (CVSS 4.8)
Versions: ≥ 1.16.0, < 1.16.7; ≥ 1.17.0, < 1.17.4
Date: 2019-11-22
Details [MEDIUM] CWE-79: Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 versions prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site s
Source: nvd