Cross-Site Scripting Vulnerability in RabbitMQ Management UI by Pivotal
CVE-2017-4967

6.1 MEDIUM

Key Information:

Vendor
CVE Published: 13 June 2017

What is CVE-2017-4967?

A vulnerability found in specific versions of Pivotal RabbitMQ exposes the management UI to potential Cross-Site Scripting attacks. This occurs due to several vulnerable forms present in the interface, which can be exploited by an attacker to execute malicious scripts in the context of the user's browser. Users of RabbitMQ versions 3.4.x, 3.5.x, 3.6.x (prior to 3.6.9), and certain versions of RabbitMQ for PCF should prioritize updating their systems to mitigate the risk associated with this vulnerability.

Affected Version(s)

Pivotal RabbitMQ

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
