PT-2020-17286 · Pivotal · Rabbitmq

Koharin

Published

2020-12-17

Updated

2020-12-22

CVE-2020-35196

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions rabbitmq versions prior to 3.7.13-beta.1-management-alpine

Description The official rabbitmq docker images contain a blank password for a root user, which may allow a remote attacker to achieve root access with a blank password. Systems using the rabbitmq docker container deployed by affected versions of the docker image are at risk.

Recommendations For versions prior to 3.7.13-beta.1-management-alpine, update to version 3.7.13-beta.1-management-alpine or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value to prevent unauthorized access.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-35196

Affected Products

Rabbitmq

PT-2020-17286 · Pivotal · Rabbitmq

CVE-2020-35196

Weakness Enumeration

Related Identifiers

Affected Products

References · 6