PT-2017-4083 · Pivotal+1 · Rabbitmq For Pcf+1

Published: 2017-06-13 · Updated: 2025-04-02 · CVE-2017-4965

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

RabbitMQ versions 3.4.x through 3.5.x and 3.6.x prior to 3.6.9
RabbitMQ for PCF versions 1.5.x and 1.6.x prior to 1.6.18 and 1.7.x prior to 1.7.15

Description

The issue is related to insufficient protection measures in the RabbitMQ management UI, which makes several forms vulnerable to XSS attacks. This could allow a remote attacker to impact data integrity.

Recommendations

For RabbitMQ versions 3.4.x through 3.5.x and 3.6.x prior to 3.6.9, update to version 3.6.9 or later.
For RabbitMQ for PCF versions 1.5.x, update to version 1.6.18 or later.
For RabbitMQ for PCF versions 1.6.x prior to 1.6.18, update to version 1.6.18 or later.
For RabbitMQ for PCF versions 1.7.x prior to 1.7.15, update to version 1.7.15 or later.

As a temporary workaround, consider restricting access to the RabbitMQ management UI to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-01440
BDU:2021-01441
CVE-2017-4965
DLA-2710-1
DLA-2710-2
SUSE-RU-2020:2072-1

Affected Products

Rabbitmq
Rabbitmq For Pcf