CVE-2019-11281 — MEDIUM (4.8)

Q: How severe is CVE-2019-11281?

CVE-2019-11281 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-11281?

Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Rabbitmq, Redhat Openstack, Redhat Openstack For Ibm Power, Debian Debian Linux, Fedoraproject Fedora.

Vulnerability Description

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Pivotal Software	Rabbitmq	< 3.7.18
Redhat	Openstack	15
Redhat	Openstack For Ibm Power	15
Debian	Debian Linux	9.0
Fedoraproject	Fedora	30

Related Weaknesses (CWE)

CWE-79

References

https://access.redhat.com/errata/RHSA-2020:0078Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/07/msg00011.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://pivotal.io/security/cve-2019-11281Vendor Advisory
https://access.redhat.com/errata/RHSA-2020:0078Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/07/msg00011.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://pivotal.io/security/cve-2019-11281Vendor Advisory

FAQ

What is CVE-2019-11281?

CVE-2019-11281 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the v...

How severe is CVE-2019-11281?

CVE-2019-11281 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-11281?

Check the references section above for vendor advisories and patch information. Affected products include: Pivotal Software Rabbitmq, Redhat Openstack, Redhat Openstack For Ibm Power, Debian Debian Linux, Fedoraproject Fedora.