CVE-2017-4966

Published Jun 13, 2017
Last updated 2 years ago
Overview

Description: An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.
Source: security_alert@emc.com
NVD status: Analyzed
Hype score: Not currently trending
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-200
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DE6A4B2-0445-470B-B18C-2CFEB2A52455"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B52805C-6F10-4BCD-AA74-3E0C0FF5E3C2"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FE2FBE9-5D35-4273-8B83-A400D3A0136D"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B11709F3-3F1C-4FC2-9F2D-87951EC04308"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32F9F3F6-B1AF-423F-9F96-4329589B323A"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AECBDFAA-198F-4A47-835A-4E17C090DF02"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D879D6FD-39D7-4589-8DE7-C8DAAE6F165E"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE842A15-D676-4E00-AAD7-1088CE122876"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F40845F9-00D8-44F0-8B2E-60094A3D37CE"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3772B181-64DB-43AA-99C1-21378CF91E51"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B58103B8-6CD1-4DA6-B5A3-D1289B95A951"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F57DA292-66F8-4BE5-AD3B-C4400D6D1A42"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "385A9C6F-7933-4681-985E-31D7CED8B0FD"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D7EC8A4-16CB-451F-B70B-BE232F1BCAF5"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BBF7FB2-3D52-45BE-813A-6F73DFAF9EC6"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76B241B7-DE7C-4F95-A742-164020FCAED3"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09429E70-C395-4E95-9C83-5BDC8083C0AE"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9432656B-DB94-4E5F-83CB-38A9DA4FCA74"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37CD714F-30CD-4254-AF41-DEBEA9053706"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEC4C125-7594-4960-BF88-977D3A95D6BC"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1647A9D6-2D1F-461C-B0B8-B8A2FD9AB823"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.0:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DA89B77-6455-40CD-931E-BB07CD9A3166"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.1:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52350E43-4AB5-45ED-AC31-CC948DB87631"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.2:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42856F22-74CD-4278-8EAA-2C6582A7E658"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.3:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1C7EE64-A51B-4D02-AAC4-20F4D3FCB110"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.4:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0D8589A-B843-4130-8CC8-3D4C464CDB4D"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.5:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62016F87-0B15-4D1B-A2AB-FC4769F95DB7"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.6:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DF99EF7-AFCB-4CA5-8F28-ABC9118612CE"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.7:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D9F3D8B-DDB3-4175-AAD7-8F952E9A7D2C"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.8:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5125B26-63EE-4FE8-97A1-DC6E11757ACA"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.9:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AF3BAA0-0AEA-4B96-9C91-E51789844A39"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.10:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD5F0850-F34B-4E79-A46D-B74F2E90C43A"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.11:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF23DD7D-16B4-408C-A825-C79487D79A0F"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.12:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E792D92E-07A1-4E48-90CB-5EC7C99E0AF0"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.13:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B873D04B-704B-468D-A2B1-8E04653806F3"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.14:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13C9004B-590A-45F0-8AA9-713928A8F5F2"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.15:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F22B84B3-438E-4E08-A02D-4A85C0C561B6"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.17:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "501A5F31-6DBA-4E90-8BAD-E1DFD0967D0F"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.18:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E99B39C-21AF-4F75-8D96-9B69F48C2A39"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.19:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CFACCBF-6C53-4A7F-AC0F-8A2D03E6D6EE"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C6E80B6-857B-4D53-B107-8667EFCCE0EA"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.1:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95C7294C-C9D3-40F8-B3C9-40424D5FC124"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.2:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66F85747-11AA-4133-B553-3C31152F0781"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.3:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B425D53C-5713-401E-BE30-BCDE54F65857"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.4:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "758D57BA-3EA6-4036-8BDD-5BA2AAE25F77"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.5:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "036437B9-1A7F-4C60-B9FE-B38173BC6FAB"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.6:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "408D457F-4DE5-4280-8379-083DA78ECF00"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.7:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9D2B08D-9779-4E80-BAB6-870F81F24F7E"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.8:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90F47590-6640-494F-8A93-A9AC70459DD5"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.9:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D1F88E0-4047-4ADE-A898-88FE6358D659"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.10:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8647C50B-41CB-45CE-89E7-BB4B2759DE40"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.12:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4960386C-07D9-4367-945C-278595DB6C0A"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.13:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A49DCDFA-4D98-4AEC-91A1-612B85DDFB04"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.14:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FEB47ED-5D35-4151-B087-8324339DE5FE"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.15:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65A513AD-9236-42D7-9D04-F318A5815640"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.16:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6647F298-1B11-46D8-B68A-6B284BB1F7AD"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.0:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9997C9C6-4918-4B74-92E4-012B58278DEC"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.2:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6DB5A36-22F9-4A2C-9ED0-68D1434B06D0"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.3:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33C0370F-77A5-4A51-ABF2-21793CD57043"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.4:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C3C0A88-66F6-46D5-9A79-BEFB654979D6"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.5:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EC26CD6-172D-4DBE-8B23-59491E4765E1"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.6:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "669EA6CA-3F6C-4151-986D-173F1375B32B"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.7:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69960839-7C03-4542-80D3-5C71795F8159"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.8:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82CA3E75-AFD0-486A-9EFA-71A8CA780632"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.9:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "921374B4-B99F-4863-99D8-9FD938EF8EF0"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.10:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5344CFC-3100-4407-93E4-65594C3741B5"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.13:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06B09408-573D-47A8-BC84-724DD88976E4"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.14:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADF54631-875A-45C4-9C0A-4836AB1F8309"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References
