CVE-2021-22117

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-22117
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22117.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-22117
Aliases
Published
2021-05-18T13:15:07.597Z
Modified
2026-03-14T10:44:29.226013Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.

References

Affected packages

Git / github.com/rabbitmq/rabbitmq-server

Affected ranges

Type
GIT
Repo
https://github.com/rabbitmq/rabbitmq-server
Events
Introduced
967ffac80a454b24be03b00e623469cf2380ee89
Fixed
afd0d815f3771209174fd53b8b3a4afc637dca48
Database specific 
{
    "versions": [
        {
            "introduced": "3.8.0"
        },
        {
            "fixed": "3.8.16"
        }
    ]
}

Affected versions

base-for-tanzu-rabbitmq-2020.*
base-for-tanzu-rabbitmq-2020.12-additions
v3.*
v3.8.0
v3.8.1
v3.8.1-beta.1
v3.8.1-beta.2
v3.8.1-rc.1
v3.8.10-beta.1
v3.8.10-rc.1
v3.8.10-rc.5
v3.8.10-rc.6
v3.8.11
v3.8.12
v3.8.12-beta.1
v3.8.12-rc.1
v3.8.12-rc.2
v3.8.12-rc.3
v3.8.13
v3.8.13-beta.1
v3.8.14
v3.8.15
v3.8.15-rc.2
v3.8.15-rc.3
v3.8.2
v3.8.2-rc.1
v3.8.3
v3.8.3-beta.1
v3.8.3-beta.2
v3.8.3-beta.3
v3.8.3-rc.1
v3.8.3-rc.2
v3.8.4
v3.8.4-beta.1
v3.8.4-rc.1
v3.8.4-rc.2
v3.8.4-rc.3
v3.8.5
v3.8.5-rc.1
v3.8.5-rc.2
v3.8.6
v3.8.6-beta.1
v3.8.6-rc.1
v3.8.6-rc.2
v3.8.7
v3.8.8
v3.8.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22117.json"