PT-2021-3479 · Rabbitmq+5

Fahimhusain Raydurg · Published 2021-06-28 · Updated 2024-12-09 · CVE-2021-32719

CVSS v2.0: 4.9 (Medium)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: RabbitMQ versions prior to 3.8.18
Description: The issue arises in the RabbitMQ federation management plugin, where a federation link's consumer tag is rendered in the management UI without proper sanitization of <script> tags. This potentially allows JavaScript code execution in the context of the page, but the user must be signed in and have elevated permissions for this to occur.
Recommendations: For versions prior to 3.8.18, update to RabbitMQ 3.8.18 to patch the vulnerability. As a temporary workaround, consider disabling the RabbitMQ federation management plugin and using CLI tools instead.
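The defect described above is a rendering one: a value that comes from a federation link (its consumer tag) reaches page markup unescaped. The following is an added example, not RabbitMQ's own management UI code; the `link` object, the `consumer_tag` value and the row template are constructed for illustration. It shows the unsafe concatenation pattern next to a version that escapes every untrusted field, plus a small check a renderer can run to confirm no untrusted value containing markup characters survived verbatim in the output.

```javascript
// Added example (not RabbitMQ's code): escaping an untrusted federation link
// field before it is rendered into management UI markup. The link object,
// its consumer tag and the row template are constructed for illustration.

// Escape the characters that can change meaning in HTML text and attributes.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: untrusted fields are concatenated straight into markup,
// so a consumer tag containing <script> becomes live script once the row is
// inserted into the document.
function renderLinkRowUnsafe(link) {
  return '<tr><td>' + link.upstream + '</td><td>' + link.consumer_tag + '</td></tr>';
}

// Fixed pattern: every untrusted field passes through escapeHtml() first, so the
// browser displays the tag text literally instead of parsing it as an element.
function renderLinkRowSafe(link) {
  return '<tr><td>' + escapeHtml(link.upstream) + '</td><td>' +
         escapeHtml(link.consumer_tag) + '</td></tr>';
}

// Defensive check for a renderer: true if any untrusted value that contains
// markup characters appears verbatim (unescaped) in the rendered output.
function leaksRawMarkup(html, untrustedValues) {
  return untrustedValues.some(function (v) {
    return /[<>"']/.test(v) && html.indexOf(v) !== -1;
  });
}

// Constructed sample: a consumer tag that carries a script element.
const SAMPLE_LINK = {
  upstream: 'upstream-a',
  consumer_tag: 'fed-link-<script>1</script>'
};

// Render the sample both ways and report which version leaks raw markup.
function demo() {
  const untrusted = [SAMPLE_LINK.upstream, SAMPLE_LINK.consumer_tag];
  const unsafe = renderLinkRowUnsafe(SAMPLE_LINK);
  const safe = renderLinkRowSafe(SAMPLE_LINK);
  return {
    unsafeLeaks: leaksRawMarkup(unsafe, untrusted),
    safeLeaks: leaksRawMarkup(safe, untrusted),
    safe: safe
  };
}

console.log(demo());
```

The `leaksRawMarkup` check is deliberately simple: it only asks whether an untrusted string that contains `<`, `>`, `"` or `'` made it into the output unchanged, which is enough to catch the concatenation pattern in a unit test of a template or row renderer.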

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-03490
BIT-RABBITMQ-2021-32719
CVE-2021-32719
GHSA-5452-HXJ4-773X
MGASA-2021-0390
OPENSUSE-SU-2021:1334-1
OPENSUSE-SU-2021:3325-1
OPENSUSE-SU-2021_1334-1
OPENSUSE-SU-2021_3325-1
RHSA-2022:8851
SUSE-FU-2024:2078-1
SUSE-SU-2021:3254-1
SUSE-SU-2021:3325-1
USN-7143-1

Affected Products

Astra Linux
Debian
Linuxmint
Rabbitmq
Suse
Ubuntu