What is CVE-2019-11281?

CVE-2019-11281 is a medium-severity vulnerability in Pivotal Rabbitmq, classified under Cross-site Scripting. CVSS score: 4.8/10. Published 2019-10-16.

How severe is CVE-2019-11281?

Medium severity. CVSS v3 base score is 4.8 out of 10.

XSS in Pivotal Rabbitmq

CVE-2019-11281

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federa…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.012 (63.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N.

Affected products

Pivotal Rabbitmq — versions prior to v3.7.18
Pivotal Rabbitmq For Pcf — versions 1.15.x prior to 1.15.13, 11.16.x prior to 1.16.6, 1.17.x prior to 1.17.3
Pivotal_software Rabbitmq
Debian Debian_linux — versions 9.0
Fedoraproject Fedora — versions 30, 31
Redhat Openstack — versions 15
Redhat Openstack_for_ibm_power — versions 15

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

security@pivotal.io (x_refsource_CONFIRM, Vendor Advisory)
security@pivotal.io (x_refsource_FEDORA, vendor-advisory)
security@pivotal.io (x_refsource_FEDORA, vendor-advisory)
security@pivotal.io (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
security@pivotal.io (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)

Frequently asked questions

What is CVE-2019-11281?: CVE-2019-11281 is a medium-severity vulnerability in Pivotal Rabbitmq, classified under Cross-site Scripting. CVSS score: 4.8/10. Published 2019-10-16.
How severe is CVE-2019-11281?: Medium severity. CVSS v3 base score is 4.8 out of 10.