Platform
other
Component
rabbitmq
Fixed in
RabbitMQ 3.7.18
RabbitMQ for PCF 1.15.13
RabbitMQ for PCF 1.16.6
RabbitMQ for PCF 1.17.3
CVE-2019-11281 is a cross-site scripting (XSS) vulnerability in the RabbitMQ management plugin. Two components of the management UI, the virtual host limits page and the federation management UI, did not properly sanitize user-supplied input, so a remote user who already holds administrative access can store a script that runs in the browsers of other users viewing those pages and exposes virtual host and policy management information. Open-source RabbitMQ releases prior to 3.7.18 are affected, as are RabbitMQ for PCF 1.15.x prior to 1.15.13, 1.16.x prior to 1.16.6 and 1.17.x prior to 1.17.3; the fix shipped in 3.7.18 and in those RabbitMQ for PCF releases.
Exploitation requires an already-authenticated account with administrative access to the RabbitMQ management UI. Such an attacker stores JavaScript in a field of the virtual host limits page or the federation management UI; the script then executes in the browser of any other administrator or user who later opens the affected page, with that victim's management UI privileges. From there it can steal session cookies, redirect the browser to a phishing page, or call the management HTTP API as the victim to alter policies, permissions and other configuration, which can disrupt message delivery and expose data passing through the broker. The administrator requirement keeps the severity rating Low, but because the payload turns one administrator account into a foothold against every other administrator who uses the UI, the flaw still warrants prompt remediation.
CVE-2019-11281 was publicly disclosed on October 16, 2019. No active exploitation campaigns have been reported, no public proof-of-concept (PoC) code has been widely circulated, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. The EPSS score of 1.01% likewise puts the estimated probability of exploitation in the wild low, consistent with a flaw that needs an authenticated administrator to plant the payload.
Exploit Status
EPSS
1.01% (77th percentile)
The primary mitigation for CVE-2019-11281 is to upgrade RabbitMQ to version 3.7.18 or later, or to the fixed RabbitMQ for PCF release for the line in use. If an immediate upgrade is not feasible, reduce exposure rather than attempting to patch the UI in place: restrict network access to the management plugin's HTTP listener to trusted administrative networks, and review which accounts carry the administrator tag, since an administrator account is needed to plant the payload and administrators are the most valuable victims. A web application firewall (WAF) in front of the management UI can be configured to block common XSS payloads, but encoding variants make such filtering easy to bypass, so treat it as a temporary layer and not a fix. After upgrading, confirm the running version rather than relying on a manual injection attempt: rabbitmqctl status reports the broker version, and the management API's /api/overview endpoint returns it in the rabbitmq_version field. Every node in the cluster must report 3.7.18 or later.
Update RabbitMQ to version 3.7.18 or later. For RabbitMQ for PCF, update to version 1.15.13, 1.16.6 or 1.17.3, according to the release line in use. These releases correct the cross-site scripting (XSS) vulnerability in the virtual host limits page and the federation management UI.
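A practical way to carry out the version check and the administrator review described above is to read two management API endpoints, /api/overview and /api/users, and evaluate them against the advisory's fixed versions. The script below is an added example written for this page, not code from the advisory or from RabbitMQ itself. It runs offline on constructed sample responses; the product labels "rabbitmq" and "rabbitmq-for-pcf" are names chosen here, not RabbitMQ identifiers, and the handling of the "tags" field assumes the 3.7-era comma-separated string alongside the list form used by later management plugin versions.

```python
"""Assess a RabbitMQ deployment against CVE-2019-11281 from management API data.

Added example for this page, not part of the advisory or of RabbitMQ. It reads
the JSON that the management plugin returns from /api/overview (broker version)
and /api/users (user tags); fetch them with something like
    curl -u admin:secret http://broker:15672/api/overview
    curl -u admin:secret http://broker:15672/api/users
and feed the response bodies to assess(). The sample responses below are
constructed for offline use.
"""
import json
import re
from typing import List, Optional, Tuple

# Fixed versions from the advisory. Open-source RabbitMQ is fixed in 3.7.18
# (later release lines are not listed as affected); RabbitMQ for PCF has one
# fixed version per release line.
RABBITMQ_FIXED = (3, 7, 18)
PCF_FIXED = [(1, 15, 13), (1, 16, 6), (1, 17, 3)]

# Constructed sample responses, modelled on a 3.7.x management plugin, where
# "tags" is a comma-separated string. Newer plugins return a list instead.
OVERVIEW_SAMPLE = (
    '{"rabbitmq_version": "3.7.17", "management_version": "3.7.17",'
    ' "cluster_name": "rabbit@mq-01"}'
)
USERS_SAMPLE = (
    '[{"name": "admin", "tags": "administrator"},'
    ' {"name": "app-producer", "tags": ""},'
    ' {"name": "ops", "tags": "monitoring,administrator"}]'
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn "3.7.17" (or "3.7.18-rc.1") into a comparable tuple of ints.

    Pre-release suffixes are dropped, so a 3.7.18 release candidate is
    treated as fixed; if you run candidates, inspect the full string yourself.
    """
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unrecognised RabbitMQ version: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(version: str, product: str = "rabbitmq") -> Optional[bool]:
    """True if affected, False if fixed, None if the advisory does not cover
    that release line. The product labels are this script's own."""
    parsed = parse_version(version)
    if product == "rabbitmq":
        # The advisory covers every open-source release before 3.7.18.
        return parsed < RABBITMQ_FIXED
    if product == "rabbitmq-for-pcf":
        for fixed in PCF_FIXED:
            if parsed[:2] == fixed[:2]:  # same 1.x release line
                return parsed < fixed
        return None
    raise ValueError(f"unknown product label: {product!r}")


def admin_users(users: List[dict]) -> List[str]:
    """Names of accounts carrying the administrator tag, accepting both the
    string and the list encodings of "tags"."""
    names = []
    for user in users:
        tags = user.get("tags", [])
        if isinstance(tags, str):
            tags = [t.strip() for t in tags.split(",") if t.strip()]
        if "administrator" in tags:
            names.append(user["name"])
    return sorted(names)


def assess(overview_json: str, users_json: str, product: str = "rabbitmq") -> dict:
    """Combine the version verdict with the administrator inventory."""
    version = json.loads(overview_json)["rabbitmq_version"]
    return {
        "version": version,
        "vulnerable": is_vulnerable(version, product),
        "administrators": admin_users(json.loads(users_json)),
    }


if __name__ == "__main__":
    # /api/overview describes the node you queried; check every cluster node.
    print(json.dumps(assess(OVERVIEW_SAMPLE, USERS_SAMPLE), indent=2))
```

Run it against each node's /api/overview rather than once per cluster, since a rolling upgrade can leave mixed versions, and treat the administrator list as the set of accounts to review, both as possible sources of a stored payload and as the users whose browsers would execute it.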
CVE-2019-11281 is a cross-site scripting (XSS) vulnerability affecting RabbitMQ versions prior to 3.7.18, in which a remote, authenticated administrator can inject scripts through the virtual host limits page and the federation management UI.
You are affected if you run open-source RabbitMQ earlier than 3.7.18 (3.7.17 and all prior releases), or RabbitMQ for PCF 1.15.x earlier than 1.15.13, 1.16.x earlier than 1.16.6, or 1.17.x earlier than 1.17.3.
Upgrade RabbitMQ to 3.7.18 or later, or to the fixed RabbitMQ for PCF release for your line, to resolve the vulnerability. Until then, restrict access to the management UI and minimise the number of accounts with administrative access.
There is no current evidence of active exploitation campaigns targeting CVE-2019-11281.
Refer to the Pivotal Security Advisory for details: https://www.rabbitmq.com/security-advisories/CVE-2019-11281.html