CVE-2019-11291 vulnerability in Pivotal Software and Other Products
Published on November 22, 2019
RabbitMQ XSS attack via federation and shovel endpoints
Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2019-11291 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2019-11291
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-11291 are published in these products:
Affected Versions
Pivotal RabbitMQ:- Version 3.8 and below v3.8.1 is affected.
- Version 3.7 and below v3.7.20 is affected.
- Version 1.17 and below 1.17.4 is affected.
- Version 1.16 and below 1.16.7 is affected.
Exploit Probability
EPSS
0.48%
Percentile
64.66%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.