CVE-2018-1279

Name of the Vulnerable Software and Affected Versions Pivotal RabbitMQ for PCF, all versions

Description The issue allows a remote attacker to gain full control over the entire cluster by guessing a deterministically generated cookie shared between machines in a multi-tenant cluster. This can be achieved if the attacker has knowledge of the network topology and access to the right ports on any server in the cluster.

Recommendations For all versions, consider restricting access to the cluster and limiting the information available about the network topology to minimize the risk of exploitation. As a temporary workaround, review and enhance the security configuration of the RabbitMQ cluster to reduce the attack surface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.