GCVE - cpe:2.3:a:pivotal:rabbitmq_for_pivotal

Approved changes feed: RSS · Atom

cpe:2.3:a:pivotal:rabbitmq_for_pivotal_platform:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Pivotal (`c2eefbd5-173d-5b7c-b22b-5a5aa11c4b70`)
Product	Rabbitmq For Pivotal Platform (`9dcad031-2cf7-5c96-a31e-057c9c18407c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-11291`	vulnerable	2026-06-03 14:39:32.657110	RabbitMQ XSS attack via federation and shovel endpoints LOW (3.1) Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information. Published: 2019-11-22T22:56:08.641Z Updated: 2024-09-17T00:31:38.392Z Open on db.gcve.eu Reference links https://pivotal.io/security/cve-2019-11291 https://access.redhat.com/errata/RHSA-2020:0553	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11287`	vulnerable	2026-06-03 14:39:32.642559	RabbitMQ Web Management Plugin DoS via heap overflow MEDIUM (4.5) Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing. Published: 2019-11-22T23:26:08.880Z Updated: 2024-09-16T22:24:51.121Z Open on db.gcve.eu Reference links https://pivotal.io/security/cve-2019-11287 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/ https://access.redhat.com/errata/RHSA-2020:0078 https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Rabbitmq For Pivotal Platform

PURL mappings

Vulnerability references

Contribute