Logging Vulnerability in RabbitMQ for Pivotal Cloud Foundry
CVE-2016-0929

7.5 HIGH

Key Information:

Status
Vendor
CVE Published: 18 September 2016

What is CVE-2016-0929?

A metric-collection component in RabbitMQ for Pivotal Cloud Foundry versions prior to 1.6.4 improperly logs the command lines of failed commands. Because the syslog messages include command-line details, they can expose sensitive information such as user credentials. Attackers with access to these log files may exploit this flaw to retrieve sensitive data.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
