CVE-2021-32719

Description

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.

CVSS Metrics

• v3.1•LOW•Score: 3.1CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
• v3.1•MEDIUM•Score: 4.8CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
• v2.0•LOW•Score: 3.5AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 0.12%• Percentile: 31%

Techniques & Countermeasures

• CWE-79•Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

  The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

• CWE-80•Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

  The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

Affected Systems

• rabbitmq•rabbitmq-server

  < 3.8.18

• vmware•rabbitmq

  < 3.8.18

References (3)

• https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x
• https://github.com/rabbitmq/rabbitmq-server/pull/3122
• https://herolab.usd.de/security-advisories/usd-2021-0011/