CVE-2019-11281
Published: Oct 16, 2019
Modified: Sep 16, 2024
CVSS v3.0
2.4
Description
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross-site scripting attack that would gain access to virtual hosts and policy management information.
| Vendor | Product | Versions |
|---|---|---|
| Pivotal | RabbitMQ | affected prior to v3.7.18 |
| Pivotal | RabbitMQ for PCF | affected 1.15.x prior to 1.15.13; affected 1.16.x prior to 1.16.6; affected 1.17.x prior to 1.17.3 |
Weaknesses (CWE)
CVSS v3.0 Details
CVSS v3.0 Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None
References