Arch Linux Security Advisory ASA-202107-17

Severity: Low
Date    : 2021-07-06
CVE-ID  : CVE-2021-32718 CVE-2021-32719
Package : rabbitmq
Type    : cross-site scripting
Remote  : Yes
Link    :


The package rabbitmq before version 3.8.19-1 is vulnerable to cross-site
scripting.


Upgrade to 3.8.19-1.

# pacman -Syu "rabbitmq>=3.8.19-1"

The problems have been fixed upstream in version 3.8.19.


As a workaround, disable the rabbitmq_management plugin and use CLI
tools for management operations and Prometheus and Grafana for metrics
and monitoring.


- CVE-2021-32718 (cross-site scripting)

In rabbitmq-server prior to version 3.8.17, a new user being added via
the management UI could lead to the user's name being rendered in a
confirmation message without proper
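The bug class behind CVE-2021-32718, as an added illustration that is not RabbitMQ's own code: a constructed confirmation message that interpolates the submitted user name straight into HTML, beside the same message with the name HTML-escaped first. The function names, the sample payload and the `containsInjectedTag` check are assumptions made for this example, not anything from the management UI.

```javascript
// Added illustration of the CVE-2021-32718 bug class; not RabbitMQ's code.
// A management UI confirms a newly added user by rendering the submitted
// name into the page. Two renderers are shown: one that concatenates the
// raw name into markup (the flaw) and one that escapes it first.

// Constructed input: a "user name" that is really an HTML injection payload.
const ATTACKER_NAME = '<img src=x onerror="alert(document.cookie)">';

// Escape the five characters that can break out of text or attribute context.
// '&' must be replaced first so already-escaped output is not double-escaped
// in the wrong order.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: the name is interpolated directly into the fragment, so any
// markup in it becomes part of the page and any event handler runs.
function confirmationVulnerable(name) {
  return `<p>Added user ${name}</p>`;
}

// Hardened: the name is escaped before interpolation, so the browser
// renders the payload as literal text.
function confirmationSafe(name) {
  return `<p>Added user ${escapeHtml(name)}</p>`;
}

// Minimal check used by the example: strip the fixed <p> wrapper and look
// for any tag start ('<' followed by a letter) that came from the name.
function containsInjectedTag(html) {
  const inner = html.replace(/^<p>/, '').replace(/<\/p>$/, '');
  return /<[a-zA-Z]/.test(inner);
}

console.log(containsInjectedTag(confirmationVulnerable(ATTACKER_NAME))); // true
console.log(containsInjectedTag(confirmationSafe(ATTACKER_NAME)));       // false
```

In a real browser UI the same effect is obtained more robustly by never building HTML strings from user data at all: create the element and assign the name to its `textContent`, or use a templating engine that escapes by default and reserve the raw-output form for values that are known to be markup.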