RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3325-1 advisory.

  - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input     validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by     sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
    (CVE-2021-22116)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user     being added via management UI could lead to the user's bane being rendered in a confirmation message     without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the     context of the page. In order for this to occur, the user must be signed in and have elevated permissions     (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable     `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for     metrics and monitoring. (CVE-2021-32718)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a     federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management`     plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows     for JavaScript code execution in the context of the page. The user must be signed in and have elevated     permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in     RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI     tools](https://www.rabbitmq.com/cli.html) instead. (CVE-2021-32719)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3325-1 advisory.

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a     federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management`     plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows     for JavaScript code execution in the context of the page. The user must be signed in and have elevated     permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in     RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI     tools](https://www.rabbitmq.com/cli.html) instead. (CVE-2021-32719)

  - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input     validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by     sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
    (CVE-2021-22116)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user     being added via management UI could lead to the user's bane being rendered in a confirmation message     without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the     context of the page. In order for this to occur, the user must be signed in and have elevated permissions     (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable     `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for     metrics and monitoring. (CVE-2021-32718)

In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1334-1 advisory.

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a     federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management`     plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows     for JavaScript code execution in the context of the page. The user must be signed in and have elevated     permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in     RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI     tools](https://www.rabbitmq.com/cli.html) instead. (CVE-2021-32719)

  - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input     validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by     sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
    (CVE-2021-22116)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user     being added via management UI could lead to the user's bane being rendered in a confirmation message     without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the     context of the page. In order for this to occur, the user must be signed in and have elevated permissions     (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable     `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for     metrics and monitoring. (CVE-2021-32718)

In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3254-1 advisory.

  - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input     validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by     sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
    (CVE-2021-22116)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user     being added via management UI could lead to the user's bane being rendered in a confirmation message     without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the     context of the page. In order for this to occur, the user must be signed in and have elevated permissions     (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable     `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for     metrics and monitoring. (CVE-2021-32718)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a     federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management`     plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows     for JavaScript code execution in the context of the page. The user must be signed in and have elevated     permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in     RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI     tools](https://www.rabbitmq.com/cli.html) instead. (CVE-2021-32719)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2710 advisory.

  - An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and     3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions     prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are     vulnerable to XSS attacks. (CVE-2017-4965, CVE-2017-4967)

  - An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and     3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions     prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user     credentials in a browser's local storage without expiration, making it possible to retrieve them using a     chained attack. (CVE-2017-4966)

  - Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13,     versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual     host limits page, and the federation management UI, which do not properly sanitize user input. A remote     authenticated malicious user with administrative access could craft a cross site scripting attack that     would gain access to virtual hosts and policy management information. (CVE-2019-11281)

  - Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal     Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management     plugin that is vulnerable to a denial of service attack. The X-Reason HTTP Header can be leveraged to     insert a malicious Erlang format string that will expand and consume the heap, resulting in the server     crashing. (CVE-2019-11287)

  - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input     validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by     sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
    (CVE-2021-22116)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Jonathon Knudsen of Synopsys Cybersecurity Research Center reports :

All versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious client can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 / 21.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5004-1 advisory.

  - Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal     Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management     plugin that is vulnerable to a denial of service attack. The X-Reason HTTP Header can be leveraged to     insert a malicious Erlang format string that will expand and consume the heap, resulting in the server     crashing. (CVE-2019-11287)

  - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input     validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by     sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
    (CVE-2021-22116)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Pivotal RabbitMQ versions 3.8.x prior to 3.8.16 are affected by a denial of service (DoS) vulnerability due to improper input validation. A remote attacker can exploit this by sending malicious AMQP messages in order to cause a crash.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
153969	SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3325-1)	Nessus	SuSE Local Security Checks	medium
153968	openSUSE 15 Security Update : rabbitmq-server (openSUSE-SU-2021:3325-1)	Nessus	SuSE Local Security Checks	medium
153874	openSUSE 15 Security Update : rabbitmq-server (openSUSE-SU-2021:1334-1)	Nessus	SuSE Local Security Checks	medium
153798	SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3254-1)	Nessus	SuSE Local Security Checks	medium
152075	Debian DLA-2710-1 : rabbitmq-server - LTS security update	Nessus	Debian Local Security Checks	high
151121	FreeBSD : RabbitMQ -- Denial of Service via improper input validation (7003b62d-7252-46ff-a9df-1b1900f1e65b)	Nessus	FreeBSD Local Security Checks	high
150995	Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : RabbitMQ vulnerabilities (USN-5004-1)	Nessus	Ubuntu Local Security Checks	high
149704	Pivotal RabbitMQ 3.8.x < 3.8.16 DoS	Nessus	Misc.	high

Detections

Analytics

CVE-2021-22116

high

Tenable Plugins

medium

medium

medium

medium

high

high

high

high