RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:8851 advisory.

  - rabbitmq-server: improper neutralization of script-related HTML tags in a web page (basic XSS) in     management UI (CVE-2021-32718)

  - rabbitmq-server: improper neutralization of script-related HTML tags in a web page (basic XSS) in     federation management plugin (CVE-2021-32719)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3325-1 advisory.

  - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input     validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by     sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
    (CVE-2021-22116)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user     being added via management UI could lead to the user's bane being rendered in a confirmation message     without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the     context of the page. In order for this to occur, the user must be signed in and have elevated permissions     (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable     `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for     metrics and monitoring. (CVE-2021-32718)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a     federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management`     plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows     for JavaScript code execution in the context of the page. The user must be signed in and have elevated     permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in     RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI     tools](https://www.rabbitmq.com/cli.html) instead. (CVE-2021-32719)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3325-1 advisory.

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a     federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management`     plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows     for JavaScript code execution in the context of the page. The user must be signed in and have elevated     permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in     RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI     tools](https://www.rabbitmq.com/cli.html) instead. (CVE-2021-32719)

  - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input     validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by     sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
    (CVE-2021-22116)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user     being added via management UI could lead to the user's bane being rendered in a confirmation message     without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the     context of the page. In order for this to occur, the user must be signed in and have elevated permissions     (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable     `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for     metrics and monitoring. (CVE-2021-32718)

In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1334-1 advisory.

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a     federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management`     plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows     for JavaScript code execution in the context of the page. The user must be signed in and have elevated     permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in     RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI     tools](https://www.rabbitmq.com/cli.html) instead. (CVE-2021-32719)

  - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input     validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by     sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
    (CVE-2021-22116)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user     being added via management UI could lead to the user's bane being rendered in a confirmation message     without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the     context of the page. In order for this to occur, the user must be signed in and have elevated permissions     (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable     `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for     metrics and monitoring. (CVE-2021-32718)

In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3254-1 advisory.

  - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input     validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by     sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
    (CVE-2021-22116)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user     being added via management UI could lead to the user's bane being rendered in a confirmation message     without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the     context of the page. In order for this to occur, the user must be signed in and have elevated permissions     (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable     `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for     metrics and monitoring. (CVE-2021-32718)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a     federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management`     plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows     for JavaScript code execution in the context of the page. The user must be signed in and have elevated     permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in     RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI     tools](https://www.rabbitmq.com/cli.html) instead. (CVE-2021-32719)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Pivotal RabbitMQ versions prior to 3.8.18 are affected by a cross-site scripting (XSS) vulnerability in the rabbitmq_federation_management plugin due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
170374	RHEL 8 : Red Hat OpenStack Platform 16.2.4 (rabbitmq-server) (RHSA-2022:8851)	Nessus	Red Hat Local Security Checks	medium
153969	SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3325-1)	Nessus	SuSE Local Security Checks	medium
153968	openSUSE 15 Security Update : rabbitmq-server (openSUSE-SU-2021:3325-1)	Nessus	SuSE Local Security Checks	medium
153874	openSUSE 15 Security Update : rabbitmq-server (openSUSE-SU-2021:1334-1)	Nessus	SuSE Local Security Checks	medium
153798	SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3254-1)	Nessus	SuSE Local Security Checks	medium
152141	RabbitMQ < 3.8.18 XSS	Nessus	Misc.	medium

Detections

Analytics

CVE-2021-32719

medium

Tenable Plugins

medium

medium

medium

medium

medium

medium