
Ubuntu 7143-1: RabbitMQ Server Security Advisory Updates

December 9, 2024
RabbitMQ Server in Ubuntu 20.04 LTS exposed sensitive data. Updates are available for critical issues affecting users.

Summary

RabbitMQ Server could be made to expose sensitive information over the network.

Software Description:

- rabbitmq-server: AMQP server written in Erlang

Details:

Christian Rellmann discovered that RabbitMQ Server did not properly
sanitize user input when adding a new user via the management UI. An
attacker could possibly use this issue to perform cross site scripting and
obtain sensitive information. (CVE-2021-32718)

Fahimhusain Raydurg discovered that RabbitMQ Server did not properly
sanitize user input when using the federation management plugin. An
attacker could possibly use this issue to perform cross site scripting and
obtain sensitive information. (CVE-2021-32719)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
   rabbitmq-server                 3.8.3-0ubuntu0.2

In general, a standard system update will make all the necessary changes.
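
To confirm the update has landed across several hosts, the following added example (not part of the Ubuntu notice) checks a package inventory against the fixed version listed above. It implements Debian's version ordering, because plain string comparison misorders revisions such as `0.10` and `0.2`; the host names and installed versions are constructed sample data.

```python
import re

FIXED = "3.8.3-0ubuntu0.2"  # rabbitmq-server fix for Ubuntu 20.04 LTS, from the notice
NUM = re.compile(r"[0-9]*")

def _order(c):
    # Debian weights: '~' < end of string or digit < letters < other punctuation
    if c in "0123456789":  # also true for "" (end of string)
        return 0
    return -1 if c == "~" else (ord(c) if c.isalpha() else ord(c) + 256)

def _cmp_part(a, b):
    # Compare upstream or revision strings as alternating text and number runs.
    i = j = 0
    while i < len(a) or j < len(b):
        while _order(a[i:i + 1]) or _order(b[j:j + 1]):  # text run on either side
            ca, cb = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ca != cb:
                return -1 if ca < cb else 1
            i, j = i + 1, j + 1
        da, db = NUM.match(a, i).group(), NUM.match(b, j).group()  # number run
        i, j = i + len(da), j + len(db)
        na, nb = int(da or 0), int(db or 0)  # integers, so 10 > 2
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _parse(v):
    # [epoch:]upstream[-revision]; missing epoch is 0, missing revision is empty
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def compare(a, b):
    # Return -1, 0 or 1 as version a sorts before, equal to or after b.
    (ea, ua, ra), (eb, ub, rb) = _parse(a), _parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched_hosts(inventory, fixed=FIXED):
    return sorted(h for h, v in inventory.items() if compare(v, fixed) < 0)

# Constructed sample inventory: host names and installed versions are made up.
SAMPLE = {"mq-01": "3.8.2-0ubuntu1.5", "mq-02": "3.8.3-0ubuntu0.1",
          "mq-03": "3.8.3-0ubuntu0.2", "mq-04": "3.8.3-0ubuntu0.10",
          "mq-05": "3.8.3-0ubuntu0.2~rc1"}
if __name__ == "__main__":
    print(unpatched_hosts(SAMPLE))
```

On a single host, `dpkg --compare-versions` performs the same comparison against the installed version.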

References

  https://ubuntu.com/security/notices/USN-7143-1

  CVE-2021-32718, CVE-2021-32719

Severity
important

Ubuntu Security Notice USN-7143-1
