PT-2022-11911 · Rabbitmq +1

Alexmv · Published 2022-01-25 · Updated 2022-02-02 · CVE-2021-43799

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Zulip Server versions prior to 4.9

Description: Zulip Server is an open-source team collaboration tool that installs RabbitMQ for internal message passing. The initial installation of Zulip Server prior to version 4.9 does not successfully limit the default ports opened by RabbitMQ, including port 25672, the RabbitMQ distribution port. This port is protected by a default "cookie" generated using a weak PRNG, resulting in approximately 20 bits of entropy. If not protected by other firewalls, a remote attacker can brute-force the "cookie" and execute arbitrary code as the rabbitmq user, as well as read all data sent through RabbitMQ, including user message traffic.

Recommendations: For versions prior to 4.9, ensure that firewalls prevent access to ports 5672 and 25672 from outside the Zulip server as a workaround. Update to version 4.9, which contains a patch for this issue.
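The workaround above depends on the two RabbitMQ ports not being reachable from other hosts. The following script is an added example (not part of this advisory, nor Zulip or RabbitMQ code) that a defender can run on the Zulip host to confirm that: it parses `ss -H -ltn` output and reports any listener on 5672 or 25672 that is bound to something other than a loopback address. The sample `ss` lines are constructed, and the file name `rmq_exposure.py` is an assumption.

```python
"""Report RabbitMQ listeners (AMQP 5672, Erlang distribution 25672) that are
bound beyond loopback, from the output of `ss -H -ltn`.

Added example for CVE-2021-43799; not part of the advisory, Zulip or RabbitMQ.
Usage on a real host (assumed file name):  ss -H -ltn | python3 rmq_exposure.py
With no piped input the constructed sample below is analysed instead.
"""
import ipaddress
import sys

# Ports named in the advisory's workaround.
RABBITMQ_PORTS = {5672: "amqp", 25672: "erlang-distribution"}

# Constructed sample of `ss -H -ltn` output (no header line): the distribution
# port is bound to all IPv4 interfaces, AMQP to all IPv6 interfaces, and two
# other services are confined to loopback.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:25672 0.0.0.0:*
LISTEN 0 128 [::]:5672 [::]:*
LISTEN 0 128 127.0.0.1:15672 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:4369 0.0.0.0:*
"""


def split_local_address(field: str):
    """Split the ss 'Local Address:Port' field into (address, port).

    Handles '0.0.0.0:25672', '[::]:5672', '*:5672' and '127.0.0.1:15672';
    IPv6 addresses lose their surrounding brackets.
    """
    addr, _, port = field.rpartition(":")
    return addr.strip("[]"), int(port)


def is_externally_bound(addr: str) -> bool:
    """True if a socket bound to `addr` can accept connections from other hosts."""
    if addr in ("*", "0.0.0.0", "::"):
        return True  # wildcard bind: listens on every interface
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        # Unparseable form (e.g. a link-local address with a %zone suffix):
        # treat it as exposed rather than silently passing it.
        return True


def find_exposed_listeners(ss_output: str):
    """Return [(port, service, address)] for RabbitMQ ports not confined to loopback."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Expected columns: State Recv-Q Send-Q Local:Port Peer:Port [Process]
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = split_local_address(fields[3])
        if port in RABBITMQ_PORTS and is_externally_bound(addr):
            exposed.append((port, RABBITMQ_PORTS[port], addr))
    return exposed


def main() -> int:
    data = SAMPLE_SS_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    exposed = find_exposed_listeners(data)
    if not exposed:
        print("OK: RabbitMQ ports 5672 and 25672 are bound to loopback only")
        return 0
    for port, service, addr in exposed:
        print(f"EXPOSED: {service} port {port} is bound to {addr}")
    print("Restrict these ports at the host firewall and update Zulip to 4.9 or later")
    return 1


if __name__ == "__main__":
    sys.exit(main())
```

A listener bound to a non-loopback address is only actually reachable if no firewall in front of it drops the traffic, so a non-zero exit here means "check the firewall rules", not "confirmed exposed". Conversely, a clean result does not replace the update to 4.9: the weak cookie remains in place until the fixed release is installed.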

Fix


Weakness Enumeration

Related Identifiers

CVE-2021-43799
GHSA-P663-WXVV-2FJP

Affected Products

Rabbitmq
Zulip Server