ArchLinux: 202107-17: rabbitmq: cross-site scripting | LinuxSecurit...
Arch Linux Security Advisory ASA-202107-17
==========================================

Severity: Low
Date    : 2021-07-06
CVE-ID  : CVE-2021-32718 CVE-2021-32719
Package : rabbitmq
Type    : cross-site scripting
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2109

Summary
=======

The package rabbitmq before version 3.8.19-1 is vulnerable to cross-
site scripting.

Resolution
==========

Upgrade to 3.8.19-1.

# pacman -Syu "rabbitmq>=3.8.19-1"

The problems have been fixed upstream in version 3.8.19.

Workaround
==========

As a workaround, disable the rabbitmq_management plugin and use CLI
tools for management operations and Prometheus and Grafana for metrics
and monitoring.

Description
===========

- CVE-2021-32718 (cross-site scripting)

In rabbitmq-server prior to version 3.8.17, a new user being added via
management UI could lead to the user's name being rendered in a
confirmation message without proper
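The defect described above is a missing output-encoding step: a user-controlled value is concatenated into HTML and rendered. The following is an added illustration, not RabbitMQ's code, showing a confirmation-message renderer in its vulnerable and hardened forms; the function names, the tag check and the sample user name are constructed for this example.

```javascript
// Added illustration (not RabbitMQ's code): rendering a user-supplied
// name into an HTML confirmation message with and without encoding.

// Minimal HTML entity encoder for text placed in element content or
// in a double-quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#39;",
  })[ch]);
}

// Vulnerable pattern: the name is interpolated straight into markup,
// so any tags it carries become part of the page.
function renderConfirmationUnsafe(userName) {
  return `<p>User <b>${userName}</b> has been added.</p>`;
}

// Hardened pattern: encode the value at the point it enters HTML.
function renderConfirmationSafe(userName) {
  return `<p>User <b>${escapeHtml(userName)}</b> has been added.</p>`;
}

// Review/test helper: does a rendered fragment contain any tag other
// than the template's own <p> and <b>?
function containsUnexpectedTag(html) {
  const allowed = new Set(["p", "b"]);
  const tagRe = /<\/?([a-zA-Z][\w-]*)/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    if (!allowed.has(m[1].toLowerCase())) return true;
  }
  return false;
}

// Constructed sample: a user name carrying markup instead of a plain name.
const SAMPLE_NAME = "alice<script>probe()</script>";

console.log(containsUnexpectedTag(renderConfirmationUnsafe(SAMPLE_NAME))); // true
console.log(containsUnexpectedTag(renderConfirmationSafe(SAMPLE_NAME)));   // false
```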

Impact
======

Crafted user names and federation links could be used to inject
arbitrary JavaScript code into the management web UI.

Posted: July 9, 2021