Your submission was sent successfully! Close

CVE-2021-22117

Published: 18 May 2021

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
rabbitmq-server
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(windows installers only)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(windows installers only)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(windows installers only)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(windows installers only)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist