PT-2020-18471 · Pivotal+1 · RabbitMQ
Ofir Hamam +1 · Published 2020-08-31 · Updated 2026-01-15 · CVE-2020-5419
CVSS v3.1: 6.7 Medium
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
RabbitMQ versions 3.8.x prior to 3.8.7
Description
The issue allows for arbitrary code execution due to a Windows-specific binary planting security vulnerability. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking attack and execute arbitrary code.
Recommendations
For RabbitMQ versions 3.8.x prior to 3.8.7, update to version 3.8.7 or later to resolve the issue.
Fix
Uncontrolled Search Path Element
Affected Products
RabbitMQ