PT-2021-19882 · Rabbitmq+5

Christian Rellmann · Published 2021-06-08 · Updated 2024-12-09 · CVE-2021-32718

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: RabbitMQ versions prior to 3.8.17

Description: The issue concerns potential JavaScript code execution in the context of the page when a new user is added via the management UI. It occurs because a <script> tag in the user's name is insufficiently sanitized when the name is rendered in a confirmation message. Exploitation requires the acting user to be signed in and to have elevated permissions for managing other users.

Recommendations: For versions prior to 3.8.17, update to RabbitMQ 3.8.17 to resolve the issue. As a temporary workaround, consider disabling the RabbitMQ management plugin and using CLI tools for management operations, along with Prometheus and Grafana for metrics and monitoring.
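As an added illustration of the bug class described above (not code from the RabbitMQ project): a username interpolated unescaped into an HTML confirmation message, beside the escaped rendering that prevents it, plus a small check a test suite could run over the rendered markup. The message wording, function names and sample username are assumed.

```javascript
// Added example, not RabbitMQ code: a user-supplied name placed into an HTML
// confirmation message without escaping (the advisory's bug class) next to
// the escaped rendering. Message wording and names are assumed.

// Escape the characters that let text break out of an HTML text node or attribute.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the raw name is concatenated into markup, so a name
// containing <script> becomes live markup when the message is inserted into the page.
function renderConfirmationUnsafe(username) {
  return `<div class="alert">Added user ${username}</div>`;
}

// Hardened pattern: the name is escaped before it is placed in the markup,
// so it is shown literally and never parsed as an element.
function renderConfirmationSafe(username) {
  return `<div class="alert">Added user ${escapeHtml(username)}</div>`;
}

// Check for tests or review: does the rendered markup contain any element other
// than the template's own wrapper, or an inline event-handler attribute?
function containsInjectedMarkup(html, wrapperTag = "div") {
  const tags = [...html.matchAll(/<\/?\s*([a-zA-Z][\w-]*)/g)]
    .map((m) => m[1].toLowerCase());
  return tags.some((t) => t !== wrapperTag) || /\son\w+\s*=/i.test(html);
}

// Constructed sample input in the shape the advisory describes: a username
// that carries a <script> tag.
const hostileName = "<script>alert(1)</script>";
```

With the sample name, the unsafe renderer yields markup that fails the check while the safe renderer yields the name as visible text, which is the behaviour the 3.8.17 fix restores.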

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-04152
BIT-RABBITMQ-2021-32718
CVE-2021-32718
GHSA-C3HJ-RG5H-2772
MGASA-2021-0390
OPENSUSE-SU-2021:1334-1
OPENSUSE-SU-2021:3325-1
OPENSUSE-SU-2021_1334-1
OPENSUSE-SU-2021_3325-1
RHSA-2022:8851
RHSA-2022:8867
SUSE-FU-2024:2078-1
SUSE-SU-2021:3254-1
SUSE-SU-2021:3325-1
USN-7143-1

Affected Products

Astra Linux
Debian
Linuxmint
Rabbitmq
Suse
Ubuntu