Your submission was sent successfully! Close

CVE-2020-5419

Published: 31 August 2020

RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.

Notes

AuthorNote
mdeslaur
windows-specific
Priority

Medium

CVSS 3 base score: 6.7

Status

Package Release Status
rabbitmq-server
Launchpad, Ubuntu, Debian
bionic Not vulnerable

focal Not vulnerable

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable