CVE-2019-11281
- Source
- https://cve.org/CVERecord?id=CVE-2019-11281
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11281.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-11281
- Downstream
- Published
- 2019-10-16T16:15:10.340Z
- Modified
- 2026-04-10T04:14:09.843526Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/
- https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html
- https://pivotal.io/security/cve-2019-11281
- https://access.redhat.com/errata/RHSA-2020:0078
Affected packages
Git / github.com/rabbitmq/rabbitmq-server
Affected versions
Other
rabbitmq_v1_4_0
rabbitmq_v1_5_0
rabbitmq_v1_6_0
rabbitmq_v1_7_0
rabbitmq_v1_7_2
rabbitmq_v1_8_1
rabbitmq_v2_4_0
rabbitmq_v2_7_1
rabbitmq_v2_8_0
rabbitmq_v3_0_0
rabbitmq_v3_0_1
rabbitmq_v3_0_2
rabbitmq_v3_0_3
rabbitmq_v3_0_4
rabbitmq_v3_1_1
rabbitmq_v3_1_2
rabbitmq_v3_1_3
rabbitmq_v3_1_4
rabbitmq_v3_1_5
rabbitmq_v3_2_1
rabbitmq_v3_2_2
rabbitmq_v3_2_3
rabbitmq_v3_2_4
rabbitmq_v3_3_0
rabbitmq_v3_3_1
rabbitmq_v3_3_2
rabbitmq_v3_3_3
rabbitmq_v3_3_4
rabbitmq_v3_3_5
rabbitmq_v3_4_0
rabbitmq_v3_4_1
rabbitmq_v3_4_2
rabbitmq_v3_4_3
rabbitmq_v3_5_0
rabbitmq_v3_6_0
rabbitmq_v3_6_0_milestone1
rabbitmq_v3_6_0_milestone2
rabbitmq_v3_6_0_milestone3
rabbitmq_v3_6_0_rc1
rabbitmq_v3_6_0_rc2
rabbitmq_v3_6_0_rc3
rabbitmq_v3_7_0_milestone1
rabbitmq_v3_7_0_milestone10
rabbitmq_v3_7_0_milestone11
rabbitmq_v3_7_0_milestone12
rabbitmq_v3_7_0_milestone13
rabbitmq_v3_7_0_milestone14
rabbitmq_v3_7_0_milestone15
rabbitmq_v3_7_0_milestone16
rabbitmq_v3_7_0_milestone17
rabbitmq_v3_7_0_milestone18
rabbitmq_v3_7_0_milestone2
rabbitmq_v3_7_0_milestone3
rabbitmq_v3_7_0_milestone4
rabbitmq_v3_7_0_milestone5
rabbitmq_v3_7_0_milestone7
rabbitmq_v3_7_0_milestone8
rabbitmq_v3_7_0_milestone9
v3.*
v3.7.0
v3.7.0-beta.19
v3.7.0-beta.20
v3.7.0-rc.1
v3.7.0-rc.2
v3.7.1
v3.7.1-beta.1
v3.7.10
v3.7.10-rc.1
v3.7.10-rc.2
v3.7.10-rc.3
v3.7.10-rc.4
v3.7.11
v3.7.11-rc.1
v3.7.11-rc.2
v3.7.12
v3.7.12-rc.1
v3.7.12-rc.2
v3.7.13
v3.7.13-beta.1
v3.7.13-rc.1
v3.7.13-rc.2
v3.7.14
v3.7.14-rc.1
v3.7.14-rc.2
v3.7.15
v3.7.15-beta.1
v3.7.16
v3.7.16-beta.1
v3.7.16-rc.3
v3.7.16-rc.4
v3.7.17
v3.7.17-beta.1
v3.7.17-rc.1
v3.7.17-rc.2
v3.7.17-rc.3
v3.7.18-beta.1
v3.7.18-rc.1
v3.7.2
v3.7.3
v3.7.3-rc.1
v3.7.3-rc.2
v3.7.4
v3.7.4-rc.1
v3.7.4-rc.2
v3.7.4-rc.3
v3.7.4-rc.4
v3.7.5
v3.7.5-beta.1
v3.7.5-beta.2
v3.7.5-beta.3
v3.7.5-rc.1
v3.7.6
v3.7.6-rc.1
v3.7.6-rc.2
v3.7.7
v3.7.7-beta.1
v3.7.7-beta.2
v3.7.7-rc.1
v3.7.7-rc.2
v3.7.8
v3.7.8-rc.1
v3.7.8-rc.2
v3.7.8-rc.3
v3.7.8-rc.4
v3.7.9
v3.7.9-rc.1
v3.7.9-rc.2
v3.7.9-rc.3
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "1.15.0"
},
{
"fixed": "1.15.13"
}
]
},
{
"events": [
{
"introduced": "1.16.0"
},
{
"fixed": "1.16.6"
}
]
},
{
"events": [
{
"introduced": "1.17.0"
},
{
"fixed": "1.17.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "30"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "31"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11281.json"