Platform: other
Component: rabbitmq
Fixed in: 3.7.20 and 3.8.1 (RabbitMQ); 1.16.7 and 1.17.4 (RabbitMQ for PCF)
CVE-2019-11291 is a stored Cross-Site Scripting (XSS) vulnerability in the RabbitMQ web management UI. Virtual host (vhost) and node names were rendered into the federation and shovel management pages without HTML escaping, so a remote, authenticated attacker holding administrative privileges could set a vhost or node name containing markup or script and have it executed in the browser of any administrator who later viewed those pages. The vulnerability affects RabbitMQ 3.7 prior to 3.7.20 and 3.8 prior to 3.8.1, and RabbitMQ for PCF 1.16.x prior to 1.16.7 and 1.17.x prior to 1.17.4. Fixes are available in 3.7.20 and 3.8.1 (1.16.7 and 1.17.4 for PCF).
Successful exploitation of CVE-2019-11291 runs attacker-controlled JavaScript in the context of another RabbitMQ administrator's management UI session. From there the script can read whatever the browser holds for the management UI, including credentials and configuration details such as virtual hosts and policies, and can issue management API requests with the victim's authority: creating users, changing permissions, altering policies and bindings, or pulling messages from queues. Because the payload is stored in a name that every administrator sees, it gives a malicious or compromised administrator a way to persist in other administrators' sessions even after their own account is revoked, and to intercept messages, modify routing rules, and disrupt service. The requirement for administrative access limits the severity, but the exploit itself is trivial (a crafted vhost or node name), so the risk is highest in environments with many administrators, weak access controls, or shared administrative accounts.
CVE-2019-11291 was publicly disclosed on November 22, 2019. There is no indication of active exploitation campaigns targeting this vulnerability, and no public proof-of-concept (PoC) code has been widely distributed, although a working PoC is a single crafted name and is straightforward to create. It is not listed in the CISA KEV catalog.
Exploit Status: no active exploitation or public PoC reported; not listed in CISA KEV
EPSS: 0.48% (65th percentile)
CVSS Vector
The primary mitigation for CVE-2019-11291 is to upgrade RabbitMQ to 3.7.20 or 3.8.1 or later (1.16.7 or 1.17.4 for PCF). The root cause is missing output encoding in the management UI, and the attacker already holds administrative rights, so filtering vhost and node names on input is only a partial interim control: it raises the bar but does not fix the rendering. If an immediate upgrade is not possible, reduce the number of accounts with the administrator tag, eliminate shared administrative accounts, and restrict who can reach the management UI at all. Audit the existing vhost and node names for HTML metacharacters (angle brackets, quotes, event-handler attributes, javascript: URLs), since a payload planted before the upgrade remains stored until the name is removed. Monitor RabbitMQ logs and the management API for vhost creation or node changes with unusual names. There are no specific WAF rules or Sigma/YARA patterns readily available for this particular XSS vulnerability, which makes the upgrade, access control, and name auditing the controls that matter.
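The following is an added example, not RabbitMQ's own code, showing the two halves of the problem described above: a management-UI-style row renderer that concatenates a vhost or node name straight into markup (the vulnerable pattern) next to one that HTML-encodes it at the point of output, and a small audit pass over the kind of JSON the management HTTP API returns from GET /api/vhosts and GET /api/nodes (arrays of objects with a "name" field) that flags names an administrator should look at. The sample JSON is constructed for the example; the regex of "suspicious" characters is a starting point, not a complete XSS detector.

```javascript
// Added example (not RabbitMQ code): unsafe vs. escaped rendering of vhost and
// node names, plus an audit of names returned by the management HTTP API.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// HTML-encode a value before inserting it into element content or a
// double-quoted attribute value.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Vulnerable pattern: the name lands in the page verbatim, so whoever can set
// the name controls the markup every viewer's browser parses.
function renderRowUnsafe(vhost, node) {
  return `<tr><td>${vhost}</td><td>${node}</td></tr>`;
}

// Fixed pattern: every untrusted value is encoded at the point of output.
function renderRow(vhost, node) {
  return `<tr><td>${escapeHtml(vhost)}</td><td>${escapeHtml(node)}</td></tr>`;
}

// Characters and fragments that no legitimate vhost or node name needs:
// anything that can open a tag, break out of an attribute, add an event
// handler, or carry a javascript: URL.
const SUSPICIOUS = /[<>"']|javascript:|on\w+\s*=/i;

// Audit the arrays returned by GET /api/vhosts and GET /api/nodes.
// Returns one finding per name that matches the pattern above.
function auditNames(vhosts, nodes) {
  const findings = [];
  for (const v of vhosts) {
    if (SUSPICIOUS.test(v.name)) findings.push({ kind: 'vhost', name: v.name });
  }
  for (const n of nodes) {
    if (SUSPICIOUS.test(n.name)) findings.push({ kind: 'node', name: n.name });
  }
  return findings;
}

// Constructed sample data (not captured from a real broker).
const SAMPLE_VHOSTS = [
  { name: '/' },
  { name: 'orders' },
  { name: '<img src=x onerror=alert(document.cookie)>' },
];
const SAMPLE_NODES = [
  { name: 'rabbit@broker1' },
];

// Show the stored payload surviving the unsafe renderer, being neutralised by
// the escaping renderer, and being caught by the audit.
function demo() {
  const planted = SAMPLE_VHOSTS[2].name;
  return {
    unsafe: renderRowUnsafe(planted, SAMPLE_NODES[0].name),
    safe: renderRow(planted, SAMPLE_NODES[0].name),
    findings: auditNames(SAMPLE_VHOSTS, SAMPLE_NODES),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

To run the audit against a real broker, fetch /api/vhosts and /api/nodes from the management UI with an administrator's credentials and pass the parsed arrays to auditNames; any finding should be treated as a planted payload until proven otherwise, and the name removed or renamed before administrators view the federation or shovel pages.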
Update RabbitMQ to version 3.7.20 or higher, or to version 3.8.1 or higher. For RabbitMQ for PCF, update to version 1.16.7 or higher, or to version 1.17.4 or higher. This corrects the cross-site scripting (XSS) vulnerability in the federation and shovel endpoints.
CVE-2019-11291 is a stored Cross-Site Scripting vulnerability in the RabbitMQ management UI affecting RabbitMQ 3.7 (prior to 3.7.20) and 3.8 (prior to 3.8.1). It allows an authenticated attacker with administrative privileges to inject script through a crafted vhost or node name that executes in other administrators' browsers.
You are affected if you are running RabbitMQ 3.7 prior to 3.7.20 or 3.8 prior to 3.8.1 (or RabbitMQ for PCF 1.16.x prior to 1.16.7 or 1.17.x prior to 1.17.4) with the management UI enabled; the attacker must already hold administrative rights, so the exposure is to other administrators who view the affected pages.
Upgrade RabbitMQ to 3.7.20 or 3.8.1 or later (1.16.7 or 1.17.4 for PCF). As a temporary measure, restrict administrative access to the management UI and audit existing vhost and node names for HTML metacharacters.
There is no current evidence of active exploitation campaigns targeting CVE-2019-11291, but exploitation requires nothing more than a crafted name, so anyone who already holds administrator rights can use it.
Refer to the official RabbitMQ security advisory: https://www.rabbitmq.com/security.html