Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Arch Linux: 202107-17 Low: Rabbitmq Cross-Site Scripting Advisory

Archlinux Large Esm H446
The package rabbitmq before version 3.8.19-1 is vulnerable to cross- site scripting.
Arch Linux Security Advisory ASA-202107-17
=========================================
Severity: Low
Date    : 2021-07-06
CVE-ID  : CVE-2021-32718 CVE-2021-32719
Package : rabbitmq
Type    : cross-site scripting
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2109

Summary
======
The package rabbitmq before version 3.8.19-1 is vulnerable to cross-site scripting.

Resolution
=========
Upgrade to 3.8.19-1.

# pacman -Syu "rabbitmq>=3.8.19-1"

The problems have been fixed upstream in version 3.8.19.

Workaround
=========
As a workaround, disable the rabbitmq_management plugin and use CLI
tools for management operations and Prometheus and Grafana for metrics
and monitoring.

Description
==========
- CVE-2021-32718 (cross-site scripting)

In rabbitmq-server prior to version 3.8.17, a new user being added via
management UI could lead to the user's bane being rendered in a
confirmation message without proper