rabbitmq
Fixed in
RabbitMQ 3.7.18
RabbitMQ for PCF 1.15.13
RabbitMQ for PCF 1.16.6
RabbitMQ for PCF 1.17.3
CVE-2019-11281 describes a cross-site scripting (XSS) vulnerability in RabbitMQ versions prior to 3.7.18. Two components of the management plugin, the virtual host limits page and the federation management UI, do not properly sanitize user-supplied input, so a remote, authenticated user with administrative access can inject script that runs in the browser of anyone who views those pages and gains access to virtual host and policy management information. Affected versions are RabbitMQ 3.7.17 and earlier, and RabbitMQ for PCF 1.15.x prior to 1.15.13, 1.16.x prior to 1.16.6 and 1.17.x prior to 1.17.3. Upgrading to RabbitMQ 3.7.18 (or the corresponding RabbitMQ for PCF release) resolves the issue.
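As an added illustration (not code from this page or from the RabbitMQ project), the following Python helper compares a version string, either bare or as it appears in `rabbitmqctl status` output or in the `rabbitmq_version` field of the management API's `GET /api/overview` response, against the fixed versions listed above. The product labels "rabbitmq" and "pcf" and the sample overview dict are conventions of this example only.

```python
"""Decide whether a RabbitMQ / RabbitMQ for PCF version is in scope for CVE-2019-11281.

Added example; the thresholds are the fixed versions named in the advisory.
"""
import re
from typing import Optional, Tuple

OSS_FIXED = (3, 7, 18)  # open-source RabbitMQ: the advisory's affected range is "prior to 3.7.18"
# RabbitMQ for PCF is fixed per minor line; lines not listed here are outside the advisory.
PCF_FIXED = {(1, 15): (1, 15, 13), (1, 16): (1, 16, 6), (1, 17): (1, 17, 3)}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Pull the first x.y.z triple out of a bare version string or a line such as
    'RabbitMQ version: 3.7.17' (as printed by rabbitmqctl status)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return major, minor, patch


def is_affected(text: str, product: str = "rabbitmq") -> Optional[bool]:
    """True if affected, False if fixed, None if the advisory does not cover that line.

    product is 'rabbitmq' for the open-source server or 'pcf' for RabbitMQ for PCF
    (the naming is this example's own convention)."""
    version = parse_version(text)
    if product == "rabbitmq":
        # Tuple comparison: (3, 7, 17) < (3, 7, 18) is True, (3, 8, 0) is outside the range.
        return version < OSS_FIXED
    if product == "pcf":
        fixed = PCF_FIXED.get(version[:2])
        if fixed is None:
            return None
        return version < fixed
    raise ValueError(f"unknown product {product!r}")


def affected_from_overview(overview: dict) -> Optional[bool]:
    """Evaluate the JSON returned by GET /api/overview on the management API, which
    reports the broker version in the 'rabbitmq_version' field."""
    return is_affected(overview["rabbitmq_version"])


# Constructed sample of the relevant part of an /api/overview response (not captured output).
SAMPLE_OVERVIEW = {"rabbitmq_version": "3.7.17", "management_version": "3.7.17"}

if __name__ == "__main__":
    for v in ("3.6.16", "RabbitMQ version: 3.7.17", "3.7.18", "3.8.0"):
        print(v, "->", "affected" if is_affected(v) else "fixed")
    print("overview sample ->", "affected" if affected_from_overview(SAMPLE_OVERVIEW) else "fixed")
```

Returning None for an unlisted RabbitMQ for PCF line is deliberate: the advisory does not say anything about those lines, so the script should not silently report them as safe.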
Successful exploitation lets an administrator plant script that executes in the browser of any user who opens the affected management pages, including other administrators. That script can steal session material and act on the victim's behalf against the management interface, viewing and modifying virtual host configuration, queue settings and policies. Although authentication and administrative privileges are required, the flaw still matters in environments where privileged accounts are shared, weakly protected or numerous, because it lets one administrator's access be turned against another's. The blast radius is limited to the RabbitMQ management interface and the data reachable through it.
CVE-2019-11281 has not been widely reported as actively exploited in the wild and is not listed in the CISA KEV catalog. Public proof-of-concept (PoC) code is available, and exploitation is straightforward once administrative access is held. The CVSS score given here, 2.4 (Low), reflects the authentication requirement and the limited scope of impact.
Organizations running RabbitMQ for message queuing are at risk in particular where administrative credentials could be obtained through social engineering or phishing, since an attacker holding such an account can plant the payload. Legacy installations still on versions prior to 3.7.18 are the population to look for.
• linux / server: If the management plugin's HTTP access log is enabled (management.http_log_dir in rabbitmq.conf), search it for request paths carrying markup. Names sent to the HTTP API arrive URL-encoded, so match the encoded form as well as the literal one; the default broker log under /var/log/rabbitmq does not record HTTP requests.
grep -iE '<script|%3Cscript|javascript:' /path/to/management-http-log/*.log
• generic web: The management UI is a single-page application (port 15672 by default) that renders values stored through the JSON API, so a reflected payload in a query string does not exercise this flaw. First read the broker version from the API; a value below 3.7.18 means the instance is affected. To confirm a fix, store a harmless marker in a value the virtual host limits page renders, for example a throwaway virtual host name, open the page and check that the markup is shown literally rather than rendered, then delete the test vhost.
curl -u admin:secret 'http://rabbitmq-server:15672/api/overview'
curl -u admin:secret -X PUT 'http://rabbitmq-server:15672/api/vhosts/xss-check%3Cb%3Emarker%3C%2Fb%3E'
curl -u admin:secret -X PUT -H 'content-type: application/json' -d '{"value": 10}' 'http://rabbitmq-server:15672/api/vhost-limits/xss-check%3Cb%3Emarker%3C%2Fb%3E/max-connections'
curl -u admin:secret -X DELETE 'http://rabbitmq-server:15672/api/vhosts/xss-check%3Cb%3Emarker%3C%2Fb%3E'
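A plain grep for `<script` misses the URL-encoded form in which names reach the HTTP API. As an added example (not from this page or from the RabbitMQ project), the following Python scanner decodes the request path of each access-log line and flags markup in names written to the endpoints behind the affected pages. The log lines are constructed in common log format for illustration only; the real layout of the management HTTP log may differ, and the list of watched endpoints is this example's assumption.

```python
"""Flag markup smuggled into RabbitMQ management API paths in an HTTP access log.

Added example. The endpoint list and the log layout are assumptions of this example.
"""
import re
from typing import Dict, List
from urllib.parse import unquote

# API paths through which an administrator stores names that the vulnerable
# limits / federation pages later render (assumption: the endpoints worth watching).
WATCHED_PREFIXES = (
    "/api/vhosts/",
    "/api/vhost-limits/",
    "/api/parameters/federation-upstream/",
)
# Fragments that have no business in a vhost or upstream name.
MARKUP = re.compile(r"<\s*script|javascript\s*:|\bon[a-z]+\s*=|<\s*img|<\s*svg", re.IGNORECASE)
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')

# Constructed sample in common log format (not real RabbitMQ output). Lines 2 and 4
# carry URL-encoded markup in the vhost / upstream name.
SAMPLE_LOG = """\
10.0.0.5 - admin [13/Sep/2019:10:01:02 +0000] "GET /api/overview HTTP/1.1" 200 4821
10.0.0.5 - admin [13/Sep/2019:10:02:10 +0000] "PUT /api/vhosts/%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 201 0
10.0.0.7 - ops [13/Sep/2019:10:03:44 +0000] "PUT /api/vhost-limits/prod/max-connections HTTP/1.1" 204 0
10.0.0.5 - admin [13/Sep/2019:10:04:00 +0000] "PUT /api/parameters/federation-upstream/%2F/up%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 201 0
"""


def naive_grep(log_text: str, needle: str = "<script") -> List[int]:
    """What `grep -i '<script'` sees: numbers of lines containing the literal needle."""
    return [n for n, line in enumerate(log_text.splitlines(), 1) if needle.lower() in line.lower()]


def suspicious_requests(log_text: str) -> List[Dict[str, object]]:
    """Decode each request path and report requests to watched endpoints whose
    path contains markup after URL-decoding."""
    hits: List[Dict[str, object]] = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST.search(line)
        if not m:
            continue  # not a request line in the expected format
        path = m.group("path")
        if not path.startswith(WATCHED_PREFIXES):
            continue
        decoded = unquote(path)  # %3Cscript%3E -> <script>
        if MARKUP.search(decoded):
            hits.append({"line": lineno, "method": m.group("method"), "decoded_path": decoded})
    return hits


if __name__ == "__main__":
    print("naive grep finds lines:", naive_grep(SAMPLE_LOG))
    for hit in suspicious_requests(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['method']} {hit['decoded_path']}")
```

On the sample, the literal grep finds nothing while the decoding scanner reports lines 2 and 4; the same gap applies to any signature that is matched against the raw log text.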
Disclosure / exploit status
EPSS
1.01% (77th percentile)
CVSS vector
The primary mitigation for CVE-2019-11281 is to upgrade RabbitMQ to version 3.7.18 or later (RabbitMQ for PCF to 1.15.13, 1.16.6 or 1.17.3). If an immediate upgrade is not feasible, limit the number of accounts that carry the administrator tag, since only they can plant the payload. A Web Application Firewall (WAF) in front of the management interface can add a layer, but the UI is a single-page application fed by the JSON API, so rules must inspect the API requests that store virtual host and federation definitions rather than just page URLs. Regularly review and audit RabbitMQ configuration against security best practice. After upgrading, confirm the fix by checking that the broker reports version 3.7.18 or later and that a simple payload (e.g. <script>alert(1)</script>) stored in a value rendered on the virtual host limits page is shown escaped rather than executed.
Upgrade RabbitMQ to version 3.7.18 or later. For RabbitMQ for PCF, upgrade to version 1.15.13, 1.16.6 or 1.17.3 as applicable. This fixes the cross-site scripting (XSS) vulnerability in the management interfaces.
CVE-2019-11281 is a cross-site scripting (XSS) vulnerability affecting RabbitMQ versions prior to 3.7.18, allowing remote, authenticated admins to inject malicious scripts.
You are affected if you are running RabbitMQ versions prior to 3.7.18. This includes versions 3.7.17 and earlier.
Upgrade RabbitMQ to version 3.7.18 or later to resolve the vulnerability. Until then, reduce the number of accounts with administrative access, since only they can inject the payload.
There is no current evidence of active exploitation campaigns targeting CVE-2019-11281.
Refer to the Pivotal Security Advisory for details: https://www.rabbitmq.com/security-advisories/CVE-2019-11281.html