XSS in Broadcom Rabbitmq_server
CVE-2019-11291
Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.008 (51.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Broadcom Rabbitmq_server — versions 3.8.0
- Pivotal Rabbitmq — versions 3.8, 3.7
- Pivotal Rabbitmq For Platform — versions 1.17, 1.16
- Vmware Rabbitmq
- Redhat Openstack — versions 15
Weakness classification (CWE)
References
- security@pivotal.io (x_refsource_CONFIRM, Vendor Advisory)
- security@pivotal.io (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
Frequently asked questions
- What is CVE-2019-11291?
- CVE-2019-11291 is a medium-severity vulnerability in Broadcom Rabbitmq_server, classified under Cross-site Scripting. CVSS score: 4.8/10. Published 2019-11-22.
- How severe is CVE-2019-11291?
- Medium severity. CVSS v3 base score is 4.8 out of 10.