GCVE - cpe:2.3:a:pivotal:rabbitmq:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:pivotal:rabbitmq:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Pivotal (`c2eefbd5-173d-5b7c-b22b-5a5aa11c4b70`)
Product	Rabbitmq (`f25603e5-b7e5-55ea-bb14-caa234aece3c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-11291`	vulnerable	2026-06-03 14:39:32.657076	RabbitMQ XSS attack via federation and shovel endpoints LOW (3.1) Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information. Published: 2019-11-22T22:56:08.641Z Updated: 2024-09-17T00:31:38.392Z Open on db.gcve.eu Reference links https://pivotal.io/security/cve-2019-11291 https://access.redhat.com/errata/RHSA-2020:0553	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11287`	vulnerable	2026-06-03 14:39:32.642604	RabbitMQ Web Management Plugin DoS via heap overflow MEDIUM (4.5) Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing. Published: 2019-11-22T23:26:08.880Z Updated: 2024-09-16T22:24:51.121Z Open on db.gcve.eu Reference links https://pivotal.io/security/cve-2019-11287 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/ https://access.redhat.com/errata/RHSA-2020:0078 https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11281`	vulnerable	2026-06-03 14:39:32.622703	RabbitMQ XSS attack LOW (2.4) Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information. Published: 2019-10-16T15:23:47.309Z Updated: 2024-09-16T19:05:38.917Z Open on db.gcve.eu Reference links https://pivotal.io/security/cve-2019-11281 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/ https://access.redhat.com/errata/RHSA-2020:0078 https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.