PT-2017-4084 · Pivotal+1 · Rabbitmq For Pcf+1

Published: 2017-06-13 · Updated: 2025-04-02 · CVE-2017-4967

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

RabbitMQ versions 3.4.x through 3.5.x
RabbitMQ versions 3.6.x prior to 3.6.9
RabbitMQ for PCF versions 1.5.x
RabbitMQ for PCF versions 1.6.x prior to 1.6.18
RabbitMQ for PCF versions 1.7.x prior to 1.7.15

Description

The issue is related to insufficient protection measures in the RabbitMQ management UI, which can be exploited by a remote attacker to impact data integrity. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.

Recommendations

For RabbitMQ versions 3.4.x through 3.5.x, update to a version after 3.5.x.
For RabbitMQ versions 3.6.x prior to 3.6.9, update to version 3.6.9 or later.
For RabbitMQ for PCF versions 1.5.x, update to a version after 1.5.x.
For RabbitMQ for PCF versions 1.6.x prior to 1.6.18, update to version 1.6.18 or later.
For RabbitMQ for PCF versions 1.7.x prior to 1.7.15, update to version 1.7.15 or later.

As a temporary workaround, consider restricting access to the vulnerable RabbitMQ management UI forms until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-01441
CVE-2017-4967
DLA-2710-1
DLA-2710-2
SUSE-RU-2020:2072-1

Affected Products

Rabbitmq
Rabbitmq For Pcf