An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.
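The weakness described above, as an added illustration of the issue class rather than RabbitMQ's own code: a credential blob written to browser local storage with no expiry, beside a hardened variant that stores only a short-lived token with an absolute expiry and purges it on read once it has aged out. The `storage` object is a constructed stand-in for `window.localStorage` so the code runs under Node.

```javascript
// Added illustration: credentials kept in Web Storage with no expiry (the class of
// issue in CVE-2017-4966) beside a hardened pattern. Not RabbitMQ code; `storage`
// is a constructed in-memory stand-in for window.localStorage.

const KEY = "auth-credentials";

// Vulnerable pattern: the credential blob is written once and never ages out, so
// it survives tab and browser restarts until something explicitly removes it.
function saveCredentialsForever(storage, username, password) {
  storage.setItem(KEY, JSON.stringify({ username, password }));
}

// Hardened pattern: persist a short-lived session token (never the password),
// record an absolute expiry, and refuse to hand back anything past it.
function saveSessionToken(storage, token, ttlMs, now = Date.now()) {
  const record = { token, expiresAt: now + ttlMs };
  storage.setItem(KEY, JSON.stringify(record));
  return record;
}

function loadSessionToken(storage, now = Date.now()) {
  const raw = storage.getItem(KEY);
  if (raw === null) return null;
  let record;
  try {
    record = JSON.parse(raw);
  } catch {
    storage.removeItem(KEY); // malformed entry: discard rather than trust it
    return null;
  }
  if (typeof record.expiresAt !== "number" || now >= record.expiresAt) {
    storage.removeItem(KEY); // expired: purge so a later read cannot recover it
    return null;
  }
  return record.token;
}

function clearSession(storage) {
  storage.removeItem(KEY); // call on logout
}

// Minimal in-memory stand-in for the Web Storage API (getItem/setItem/removeItem).
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
```

In a real UI the expiry check in `loadSessionToken` should run on every page load, not only at login, so a stale record is removed before any request is attempted with it.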
CVSS v3 metrics
Metric | Value |
---|---|
Attack Vector | Local |
Attack Complexity | Low |
Privileges Required | Low |
Scope | Unchanged |
Confidentiality Impact | High |
Integrity Impact | High |
Availability Impact | High |
User Interaction | None |
No CVSS v3.0
CVSS v2 metrics
Metric | Value |
---|---|
Access Vector | Local |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | None |
Availability Impact | None |
Vector string | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Vendors | Products |
---|---|
Pivotal Software | |
Debian | |
Vmware | |
References
Link | Resource |
---|---|
https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html | Third Party Advisory |
https://pivotal.io/security/cve-2017-4966 | Mitigation, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: dell
Published: 2017-06-13T06:00:00
Updated: 2021-07-19T19:06:22
Reserved: 2016-12-29T00:00:00
Link: CVE-2017-4966
NVD Information
Status : Analyzed
Published: 2017-06-13T06:29:00.503
Modified: 2022-05-15T14:13:59.430
Link: CVE-2017-4966
Redhat Information
No data.
CWE