XSS Vulnerability in Pivotal RabbitMQ Management UI
CVE-2017-4965

6.1 MEDIUM

Key Information:

Vendor
CVE Published: 13 June 2017

What is CVE-2017-4965?

An XSS vulnerability was identified in the management user interface of Pivotal RabbitMQ, affecting multiple versions of the product. This flaw allows attackers to inject malicious scripts through several forms, potentially compromising users' sessions and leading to unauthorized actions. The vulnerability exists across various versions of RabbitMQ, including those prior to 3.6.9 and specific RabbitMQ for PCF versions. Users are advised to upgrade to the latest versions to mitigate this risk.

Affected Version(s)

Pivotal RabbitMQ

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
