CVE-2019-11291 Information
Share on:
Feb 14, 2021
cve
Description
Pivotal RabbitMQ 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1 and RabbitMQ for PCF 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4 contain two endpoints federation and shovel which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Reference
https://access.redhat.com/errata/RHSA-2020:0553 https://pivotal.io/security/cve-2019-11291
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
3.5