Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-11281

Опубликовано: 16 окт. 2019
Источник: nvd
CVSS3: 2.4
CVSS3: 4.8
CVSS2: 3.5
EPSS Низкий

Описание

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:pivotal_software:rabbitmq:*:*:*:*:*:*:*:*
Версия до 3.7.18 (исключая)
cpe:2.3:a:pivotal_software:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*
Версия от 1.15.0 (включая) до 1.15.13 (исключая)
cpe:2.3:a:pivotal_software:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*
Версия от 1.16.0 (включая) до 1.16.6 (исключая)
cpe:2.3:a:pivotal_software:rabbitmq:*:*:*:*:*:pivotal_cloud_foundry:*:*
Версия от 1.17.0 (включая) до 1.17.3 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:openstack:15:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_for_ibm_power:15:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

EPSS

Процентиль: 77%
0.01014
Низкий

2.4 Low

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79
CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2019-11281

CVSS3: 4.8
ubuntu
больше 6 лет назад

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information.

redhat логотип

CVE-2019-11281

CVSS3: 4.9
redhat
больше 6 лет назад

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information.

debian логотип

CVE-2019-11281

CVSS3: 4.8
debian
больше 6 лет назад

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, ver ...

github логотип

GHSA-8v5q-8hwh-h2x8

CVSS3: 4.8
github
больше 3 лет назад

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information.

fstec логотип

BDU:2021-05298

CVSS3: 4.8
fstec
больше 6 лет назад

Уязвимость брокера сообщений RabbitMQ, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных

EPSS

Процентиль: 77%
0.01014
Низкий

2.4 Low

CVSS3

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79
CWE-79