Platform: other
Component: rabbitmq
Fixed in: 3.7.20, 3.8.1, 1.16.7, 1.17.4
CVE-2019-11291 describes a Cross-Site Scripting (XSS) vulnerability discovered in RabbitMQ. This flaw allows a remote, authenticated attacker with administrative privileges to inject malicious scripts through the vhost or node name fields. The vulnerability impacts RabbitMQ versions 3.7 prior to 3.7.20 and 3.8 prior to 3.8.1. A fix is available in version 3.8.1.
This XSS vulnerability allows a remote, authenticated attacker with administrative access to inject malicious scripts into RabbitMQ's web interface. By manipulating the vhost or node name fields, an attacker could execute arbitrary JavaScript code in the context of other users accessing the RabbitMQ management interface. This could lead to the theft of session cookies, redirection to malicious websites, or the modification of RabbitMQ configurations. The potential impact extends to virtual host and policy management information, which could be compromised or altered, disrupting messaging services and potentially enabling further attacks.
CVE-2019-11291 is not listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, suggesting limited active exploitation. The vulnerability's LOW CVSS score reflects the requirement for authenticated administrative access, limiting its immediate exploitability. However, the potential for privilege escalation within the RabbitMQ environment warrants attention.
Organizations heavily reliant on RabbitMQ for message queuing, particularly those with complex virtual host configurations or shared administrative accounts, are at increased risk. Environments where RabbitMQ is integrated with other critical systems, such as microservices architectures, face a higher potential impact from a successful compromise.
• linux / server:
journalctl -u rabbitmq-server | grep -iE "vhost name|node name"
• generic web:
curl -I http://<rabbitmq_host>/api/vhosts | grep -i "X-Content-Type-Options"
• generic web:
curl -I http://<rabbitmq_host>/api/nodes | grep -i "X-Content-Type-Options"
Disclosure
Exploit status
EPSS: 0.48% (65th percentile)
CVSS vector
The primary mitigation for CVE-2019-11291 is to upgrade RabbitMQ to version 3.8.1 or later. If an immediate upgrade is not feasible, consider restricting administrative access to the RabbitMQ management interface to trusted users only. Implementing a Web Application Firewall (WAF) with rules to sanitize user input in the vhost and node name fields can provide an additional layer of defense. Monitor RabbitMQ logs for suspicious activity, particularly related to vhost and node creation or modification. After upgrading, verify the fix by attempting to create a vhost or node with a malicious script payload; the input should be properly sanitized and not execute.
Upgrade RabbitMQ to version 3.7.20 or later, or to version 3.8.1 or later. For RabbitMQ for PCF, upgrade to version 1.16.7 or later, or to version 1.17.4 or later. This fixes the cross-site scripting (XSS) vulnerability in the federation and shovel endpoints.
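As an added example (not the advisory's or RabbitMQ's own code), the two checks a defender can run against the management API's JSON: a version comparison against the fixed releases listed above, and a scan of vhost and node names for characters that only matter if a name is rendered unescaped. The API responses embedded below are constructed samples; the endpoint shapes (/api/overview, /api/vhosts, /api/nodes) are assumed from the management plugin's HTTP API.

```python
"""Defender-side checks for CVE-2019-11291 (RabbitMQ management UI XSS), run
against JSON shaped like the management API's responses:
  1. is_version_fixed(): is the server on a patched release (3.7.20+ / 3.8.1+)?
  2. find_suspicious_names(): does any vhost or node name contain characters
     that only matter when the name is rendered unescaped as HTML?
The sample responses below are constructed for this example, not captured."""
import json
import re

FIXED_IN = {(3, 7): (3, 7, 20), (3, 8): (3, 8, 1)}  # fix versions per branch
HTML_SPECIAL = re.compile(r'[<>"\'&]')  # legitimate names rarely use these

def parse_version(text):
    """'3.7.19' -> (3, 7, 19); suffixes such as '-rc1' are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised RabbitMQ version: {text!r}")
    return tuple(int(x) for x in m.groups())

def is_version_fixed(version_text):
    """True if this release carries the fix. Branches newer than 3.8 count as
    fixed; branches older than 3.7 are out of support and reported unfixed."""
    v = parse_version(version_text)
    branch = v[:2]
    if branch in FIXED_IN:
        return v >= FIXED_IN[branch]
    return branch > (3, 8)

def find_suspicious_names(api_objects, kind):
    """Return (kind, name) for every object whose name holds HTML-special chars."""
    return [(kind, o["name"]) for o in api_objects if HTML_SPECIAL.search(o["name"])]

# Constructed samples shaped like GET /api/overview, /api/vhosts and /api/nodes.
SAMPLE_OVERVIEW = json.loads('{"rabbitmq_version": "3.7.19", "erlang_version": "22.1"}')
SAMPLE_VHOSTS = json.loads('[{"name": "/"}, {"name": "orders"}, {"name": "billing<test>"}]')
SAMPLE_NODES = json.loads('[{"name": "rabbit@mq-01"}]')

def audit(overview, vhosts, nodes):
    """Combine both checks into one report dict."""
    findings = find_suspicious_names(vhosts, "vhost") + find_suspicious_names(nodes, "node")
    return {"version": overview["rabbitmq_version"],
            "fixed": is_version_fixed(overview["rabbitmq_version"]),
            "suspicious_names": findings}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_OVERVIEW, SAMPLE_VHOSTS, SAMPLE_NODES), indent=2))
```

Against live data, replace the three SAMPLE_* values with the parsed bodies of the corresponding authenticated GET requests; a name flagged here is worth checking in the vhost and node logs mentioned above.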
CVE-2019-11291 is a Cross-Site Scripting vulnerability affecting RabbitMQ versions 3.7 (prior to v3.7.20) and 3.8 (prior to v3.8.1). It allows an authenticated attacker to inject malicious scripts.
You are affected if you are running RabbitMQ versions 3.7 prior to 3.7.20 or 3.8 prior to 3.8.1 and have authenticated administrative users.
Upgrade RabbitMQ to version 3.8.1 or later. As a temporary measure, implement input validation on vhost and node name fields.
There is no current evidence of active exploitation campaigns targeting CVE-2019-11291, but the vulnerability's nature makes it potentially exploitable.
Refer to the official RabbitMQ security advisory: https://www.rabbitmq.com/security.html