FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rabbitmq -- Security issues in management plugin

Affected packages
rabbitmq < 3.4.3


VuXML ID 8469d41c-a960-11e4-b18e-bcaec55be5e5
Discovery 2015-01-08
Entry 2015-01-31

The RabbitMQ project reports:

Some user-controllable content was not properly HTML-escaped before being presented to a user in the management web UI:

In all cases, the attacker needs a valid user account on the targeted RabbitMQ cluster.

Furthermore, some admin-controllable content was not properly escaped:

Likewise, an attacker could add content or execute arbitrary Javascript code on behalf of a user using the management web UI. However, the attacker must be an administrator on the RabbitMQ cluster, thus a trusted user.


CVE Name CVE-2015-0862