CVE-2021-43799 Information
Jun 07, 2022
Description
Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server prior to 4.9, the initial installation (until the first reboot or restart of RabbitMQ) does not successfully limit the default ports which RabbitMQ opens; this includes port 25672, the RabbitMQ distribution port, which is used as a management port. RabbitMQ’s default
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://github.com/zulip/zulip/security/advisories/GHSA-p663-wxvv-2fjp
https://github.com/zulip/zulip/releases/tag/4.9
https://github.com/gteissier/erl-matter
https://github.com/zulip/zulip/commit/a5496f4098e3998c9b84e8dc564aa983d6cdf6e8
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8