Source: rabbitmq-server Version: 3.7.18-1 Severity: important Tags: security upstream Control: found -1 3.7.8-4
Hi, The following vulnerability was published for rabbitmq-server. CVE-2019-11291[0]: | Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior | to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and | 1.17.x versions prior to 1.17.4, contain two endpoints, federation and | shovel, which do not properly sanitize user input. A remote | authenticated malicious user with administrative access could craft a | cross site scripting attack via the vhost or node name fields that | could grant access to virtual hosts and policy management information. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-11291 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11291 [1] https://pivotal.io/security/cve-2019-11291 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
