27 matches found
CVE-2026-57214 RabbitMQ: Stored XSS in RabbitMQ management UI
RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue or exchange argument into an HTML title attribute without proper escaping on the Queues and Exchanges pages, allowing a user with permission to declare a queue or exchange...
CVE-2026-57211 RabbitMQ: UNC SSRF affecting the management UI on Windows
RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ management plugin static file handler rabbitmgmtwmstatic can pass URL-encoded backslashes to erlprimloader:readfileinfo before path validation when multiple management extension plugins are enabled,...
CVE-2026-57212 RabbitMQ management HTTP API accepts request bodies larger than configured max_http_body_size
RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmqmanagement HTTP API accepts oversized valid JSON bodies on withdecode and directrequest paths because readcompletebody checks the accumulated size before the final chunk but not the final combin...
CVE-2026-9844
Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology RabbitMQ Management interface modules allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1...
CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI
RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13...
EUVD-2019-8961
Malware in sbrugna...
CVE-2024-28990
SolarWinds Access Rights Manager ARM was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console. We thank Trend Micro Zero Day Initiative ZDI for its ongoing partnership in coordinating...
Linux Distros Unpatched Vulnerability : CVE-2021-32719
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI vi...
SolarWinds Access Rights Manager Trust Management Issue Vulnerability
SolarWinds Access Rights Manager is a lightweight review management system from SolarWinds. A trust management issue vulnerability exists in SolarWinds Access Rights Manager that can be exploited by an attacker to access the RabbitMQ management console...
SUSE CVE-2014-9650
CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions...
SUSE CVE-2017-4967
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ...
CVE-2021-32719
CVE-2021-32719 affects RabbitMQ’s rabbitmq-server prior to version 3.8.18 where, when a federation link is shown in the management UI via the rabbitmq_federation_management plugin, the consumer tag is rendered without proper [removed] tag sanitization. This could allow JavaScript execution in the...
PT-2019-15815 · Pivotal +1 · Rabbitmq +1
Name of the Vulnerable Software and Affected Versions: Ansible Tower versions 3.5.x through 3.5.2 Ansible Tower versions 3.6.x through 3.6.1 Description: A flaw was found in Ansible Tower where enabling RabbitMQ manager by setting it with '-e rabbitmq enable manager=true' exposes the RabbitMQ...
DEBIAN-CVE-2017-4967
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ...
DEBIAN-CVE-2017-4966
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-...
UBUNTU-CVE-2017-4967
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ...
PT-2017-4069 · Pivotal +2 · Rabbitmq +2
Name of the Vulnerable Software and Affected Versions: RabbitMQ versions 3.4.x through 3.5.x and 3.6.x versions prior to 3.6.9 RabbitMQ for PCF versions 1.5.x and 1.6.x versions prior to 1.6.18 and 1.7.x versions prior to 1.7.15 Description: The issue is related to the disclosure of information. ...
Pivotal RabbitMQ Management Plugin Detection
Binary data pivotalrabbitmqmgmtdetect.nbin...
CVE-2015-8786
The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service resource consumption via the 1 lengthsage or 2 lengthsincr parameter...
Pivotal Software RabbitMQ management plugin cross-site scripting vulnerability (CNVD-2015-00813)
Pivotal Software RabbitMQ is a British company Pivotal Software's set of implementation of the Advanced Message Queuing Protocol AMQP open source message broker software. RabbitMQ management is one of the management plug-in . A cross-site scripting vulnerability exists in the management plug-in f...