Your submission was sent successfully! Close

CVE-2021-22117

Published: 18 May 2021

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.

Notes

AuthorNote
sbeattie
windows installers only
Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
rabbitmq-server
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(windows installers only)
focal Not vulnerable
(windows installers only)
groovy Not vulnerable
(windows installers only)
hirsute Not vulnerable
(windows installers only)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(windows installers only)