CVE-2017-4966

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.

CVSS v3.0 7.8 HIGH
CVSS v2.0 2.1 LOW

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://pivotal.io/security/cve-2017-4966	Mitigation Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:::::::*
	cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:::::::*
	cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:::::::*
	cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:::::::*
	cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:::::::*
	cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:::::::*
	cpe:2.3:a:pivotal_software:rabbitmq:3.6.6:::::::*
	cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:::::::*
	cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:::::::*
	cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:::::::*
	cpe:2.3:a:vmware:rabbitmq:3.5.6:::::::*
	cpe:2.3:a:vmware:rabbitmq:3.4.0:::::::*
	cpe:2.3:a:vmware:rabbitmq:3.5.2:::::::*
	cpe:2.3:a:vmware:rabbitmq:3.4.2:::::::*
	cpe:2.3:a:vmware:rabbitmq:3.4.3:::::::*
	cpe:2.3:a:vmware:rabbitmq:3.4.4:::::::*
	cpe:2.3:a:vmware:rabbitmq:3.5.0:::::::*
	cpe:2.3:a:vmware:rabbitmq:3.5.1:::::::*
	cpe:2.3:a:vmware:rabbitmq:3.6.7:::::::*
	cpe:2.3:a:vmware:rabbitmq:3.4.1:::::::*
	cpe:2.3:a:vmware:rabbitmq:3.5.3:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.0:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.6.1:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.1:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.17:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.7.6:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.6.8:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.15:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.6.9:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.7.5:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.2:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.18:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.7.0:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.11:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.6.6:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.7.10:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.4:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.6:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.13:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.6.2:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.7.7:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.7.14:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.7:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.12:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.14:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.6.3:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.6.5:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.6.10:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.6.15:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.7.4:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.19:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.6.16:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.7.2:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.8:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.9:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.10:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.6.7:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.7.8:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.7.9:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.7.13:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.6.4:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.6.12:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.6.14:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.7.3:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.3:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.5.5:::::pivotal_cloud_foundry::
	cpe:2.3:a:pivotal_software:rabbitmq:1.6.13:::::pivotal_cloud_foundry::

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Information

Published : 2017-06-12 23:29

Updated : 2022-05-15 07:13

NVD link : CVE-2017-4966

Mitre link : CVE-2017-4966

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

debian

debian_linux

vmware

rabbitmq

pivotal_software

rabbitmq

7.8 /10