CVE-2020-5419

Published: 31 August 2020

RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.

Notes

Author	Note
mdeslaur	windows-specific

Priority

CVSS 3 base score: 6.7

Status

Package	Release	Status
rabbitmq-server Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	focal	Not vulnerable
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Not vulnerable

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5419
https://tanzu.vmware.com/security/cve-2020-5419
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›