CVE-2021-22117

Published: 18 May 2021

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.

Notes

Author	Note
sbeattie	windows installers only

Priority

CVSS 3 base score: 7.8

Status

Package	Release	Status
rabbitmq-server Launchpad, Ubuntu, Debian	bionic	Not vulnerable (windows installers only)
	focal	Not vulnerable (windows installers only)
	groovy	Not vulnerable (windows installers only)
	hirsute	Not vulnerable (windows installers only)
	precise	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Not vulnerable (windows installers only)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22117
https://tanzu.vmware.com/security/cve-2021-22117
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›