An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N
Vendors Products
Pivotal Software
  • Rabbitmq
Debian
  • Debian Linux
Vmware
  • Rabbitmq

Configuration 1 [-]

OR cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.6.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.4.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.4.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.5.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.6.7:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:pivotal_software:rabbitmq:1.5.0:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.1:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.2:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.3:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.4:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.5:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.6:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.7:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.8:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.9:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.10:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.11:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.12:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.13:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.14:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.15:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.17:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.18:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.19:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.1:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.2:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.3:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.4:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.5:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.6:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.7:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.8:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.9:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.10:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.12:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.13:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.14:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.15:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.16:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.0:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.2:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.3:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.4:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.5:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.6:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.7:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.8:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.9:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.10:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.13:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.14:*:*:*:*:pivotal_cloud_foundry:*:*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
References
Link Resource
https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html Third Party Advisory
https://pivotal.io/security/cve-2017-4966 Mitigation Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2017-06-13T06:00:00

Updated: 2021-07-19T19:06:22

Reserved: 2016-12-29T00:00:00

Link: CVE-2017-4966

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2017-06-13T06:29:00.503

Modified: 2022-05-15T14:13:59.430

Link: CVE-2017-4966

JSON object: View

cve-icon Redhat Information

No data.

CWE