Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2019-11281
HistoryOct 16, 2019 - 12:00 a.m.

CVE-2019-11281

2019-10-1600:00:00
ubuntu.com
ubuntu.com
13

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

50.6%

JSON

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions
1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions
1.17.x prior to 1.17.3, contain two components, the virtual host limits
page, and the federation management UI, which do not properly sanitize user
input. A remote authenticated malicious user with administrative access
could craft a cross site scripting attack that would gain access to virtual
hosts and policy management information.

Notes

Author Note
sbeattie federation management plugin issue requires a malicious admin to exploit
avital vhost issue does not exist pre-3.7.0

Related

cve 1
redhatcve 1
nvd 1
cvelist 1
osv 2
prion 1
nessus 5
debiancve 1
veracode 1
fedora 2
openvas 3
redhat 1
debian 1
cve
cve
CVE-2019-11281
2019-10-16 16:15:10
redhatcve
redhatcve
CVE-2019-11281
2019-10-22 19:21:41
nvd
nvd
CVE-2019-11281
2019-10-16 16:15:10
cvelist
cvelist
CVE-2019-11281 RabbitMQ XSS attack
2019-10-16 15:23:47
osv
osv
CVE-2019-11281
2019-10-16 16:15:10
rabbitmq-server - security update
2021-07-19 00:00:00
prion
prion
Cross site scripting
2019-10-16 16:15:00
nessus
nessus
Pivotal RabbitMQ < 3.7.18 Cross Site Scripting (XSS) Vulnerability
2020-12-29 00:00:00
RHEL 8 : rabbitmq-server (RHSA-2020:0078)
2023-01-23 00:00:00
Fedora 30 : rabbitmq-server (2019-74d2feb5be)
2019-12-09 00:00:00
debiancve
debiancve
CVE-2019-11281
2019-10-16 16:15:10
veracode
veracode
Cross-site Scripting (XSS)
2023-08-06 20:25:13
fedora
fedora
[SECURITY] Fedora 30 Update: rabbitmq-server-3.7.22-1.fc30
2019-12-07 01:32:21
[SECURITY] Fedora 31 Update: rabbitmq-server-3.7.22-1.fc31
2019-12-07 01:51:04
openvas
openvas
Fedora Update for rabbitmq-server FEDORA-2019-6497f51791
2020-01-09 00:00:00
Fedora Update for rabbitmq-server FEDORA-2019-74d2feb5be
2019-12-08 00:00:00
Debian: Security Advisory (DLA-2710-1)
2021-07-20 00:00:00
redhat
redhat
(RHSA-2020:0078) Important: rabbitmq-server security update
2020-01-13 10:03:48
debian
debian
[SECURITY] [DLA 2710-1] rabbitmq-server security update
2021-07-19 17:21:29

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

50.6%

JSON
Related for UB:CVE-2019-11281
cve1redhatcve1nvd1cvelist1osv2prion1nessus5debiancve1veracode1fedora2openvas3redhat1debian1