CVE-2020-5419

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-5419
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5419.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-5419
Aliases
Published
2020-08-31T15:15:11.010Z
Modified
2026-04-10T04:27:39.813122Z
Severity
  • 6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.

References

Affected packages

Git / github.com/rabbitmq/rabbitmq-server

Affected ranges

Type
GIT
Repo
https://github.com/rabbitmq/rabbitmq-server
Events
Introduced
967ffac80a454b24be03b00e623469cf2380ee89
Fixed
9a5592654e993e7e9c238ec53a83a12107068c10
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b9c8e2de93be5323822cf501c6ae3d5d92381820
Database specific 
{
    "versions": [
        {
            "introduced": "3.8.0"
        },
        {
            "fixed": "3.8.7"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "3.7.28"
        }
    ]
}

Affected versions

Other
rabbitmq_v1_4_0
rabbitmq_v1_5_0
rabbitmq_v1_6_0
rabbitmq_v1_7_0
rabbitmq_v1_7_2
rabbitmq_v1_8_1
rabbitmq_v2_4_0
rabbitmq_v2_7_1
rabbitmq_v2_8_0
rabbitmq_v3_0_0
rabbitmq_v3_0_1
rabbitmq_v3_0_2
rabbitmq_v3_0_3
rabbitmq_v3_0_4
rabbitmq_v3_1_1
rabbitmq_v3_1_2
rabbitmq_v3_1_3
rabbitmq_v3_1_4
rabbitmq_v3_1_5
rabbitmq_v3_2_1
rabbitmq_v3_2_2
rabbitmq_v3_2_3
rabbitmq_v3_2_4
rabbitmq_v3_3_0
rabbitmq_v3_3_1
rabbitmq_v3_3_2
rabbitmq_v3_3_3
rabbitmq_v3_3_4
rabbitmq_v3_3_5
rabbitmq_v3_4_0
rabbitmq_v3_4_1
rabbitmq_v3_4_2
rabbitmq_v3_4_3
rabbitmq_v3_5_0
rabbitmq_v3_6_0
rabbitmq_v3_6_0_milestone1
rabbitmq_v3_6_0_milestone2
rabbitmq_v3_6_0_milestone3
rabbitmq_v3_6_0_rc1
rabbitmq_v3_6_0_rc2
rabbitmq_v3_6_0_rc3
rabbitmq_v3_7_0_milestone1
rabbitmq_v3_7_0_milestone10
rabbitmq_v3_7_0_milestone11
rabbitmq_v3_7_0_milestone12
rabbitmq_v3_7_0_milestone13
rabbitmq_v3_7_0_milestone14
rabbitmq_v3_7_0_milestone15
rabbitmq_v3_7_0_milestone16
rabbitmq_v3_7_0_milestone17
rabbitmq_v3_7_0_milestone18
rabbitmq_v3_7_0_milestone2
rabbitmq_v3_7_0_milestone3
rabbitmq_v3_7_0_milestone4
rabbitmq_v3_7_0_milestone5
rabbitmq_v3_7_0_milestone7
rabbitmq_v3_7_0_milestone8
rabbitmq_v3_7_0_milestone9
v3.*
v3.7.0
v3.7.0-beta.19
v3.7.0-beta.20
v3.7.0-rc.1
v3.7.0-rc.2
v3.7.1
v3.7.1-beta.1
v3.7.10
v3.7.10-rc.1
v3.7.10-rc.2
v3.7.10-rc.3
v3.7.10-rc.4
v3.7.11
v3.7.11-rc.1
v3.7.11-rc.2
v3.7.12
v3.7.12-rc.1
v3.7.12-rc.2
v3.7.13
v3.7.13-beta.1
v3.7.13-rc.1
v3.7.13-rc.2
v3.7.14
v3.7.14-rc.1
v3.7.14-rc.2
v3.7.15
v3.7.15-beta.1
v3.7.16
v3.7.16-beta.1
v3.7.16-rc.3
v3.7.16-rc.4
v3.7.17
v3.7.17-beta.1
v3.7.17-rc.1
v3.7.17-rc.2
v3.7.17-rc.3
v3.7.18
v3.7.18-beta.1
v3.7.18-rc.1
v3.7.19
v3.7.2
v3.7.20
v3.7.20-beta.1
v3.7.20-rc.1
v3.7.20-rc.2
v3.7.21
v3.7.22
v3.7.22-rc.1
v3.7.22-rc.2
v3.7.23
v3.7.23-rc.1
v3.7.24
v3.7.24-beta.1
v3.7.24-rc.1
v3.7.24-rc.2
v3.7.25
v3.7.25-rc.1
v3.7.26
v3.7.27-rc.1
v3.7.3
v3.7.3-rc.1
v3.7.3-rc.2
v3.7.4
v3.7.4-rc.1
v3.7.4-rc.2
v3.7.4-rc.3
v3.7.4-rc.4
v3.7.5
v3.7.5-beta.1
v3.7.5-beta.2
v3.7.5-beta.3
v3.7.5-rc.1
v3.7.6
v3.7.6-rc.1
v3.7.6-rc.2
v3.7.7
v3.7.7-beta.1
v3.7.7-beta.2
v3.7.7-rc.1
v3.7.7-rc.2
v3.7.8
v3.7.8-rc.1
v3.7.8-rc.2
v3.7.8-rc.3
v3.7.8-rc.4
v3.7.9
v3.7.9-rc.1
v3.7.9-rc.2
v3.7.9-rc.3
v3.8.0
v3.8.1
v3.8.1-beta.1
v3.8.1-beta.2
v3.8.1-rc.1
v3.8.2
v3.8.2-rc.1
v3.8.3
v3.8.3-beta.1
v3.8.3-beta.2
v3.8.3-beta.3
v3.8.3-rc.1
v3.8.3-rc.2
v3.8.4
v3.8.4-beta.1
v3.8.4-rc.1
v3.8.4-rc.2
v3.8.4-rc.3
v3.8.5
v3.8.5-rc.1
v3.8.5-rc.2
v3.8.6
v3.8.6-beta.1
v3.8.6-rc.1
v3.8.6-rc.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5419.json"