{"containers": {"cna": {"affected": [{"product": "Pivotal RabbitMQ", "vendor": "n/a", "versions": [{"status": "affected", "version": "Pivotal RabbitMQ"}]}], "datePublic": "2017-06-12T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack."}], "problemTypes": [{"descriptions": [{"description": "local storage of credentials", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-19T19:06:22", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://pivotal.io/security/cve-2017-4966"}, {"name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "ID": "CVE-2017-4966", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Pivotal RabbitMQ", "version": {"version_data": [{"version_value": "Pivotal RabbitMQ"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "local storage of credentials"}]}]}, "references": {"reference_data": [{"name": "https://pivotal.io/security/cve-2017-4966", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2017-4966"}, {"name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:47:44.070Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pivotal.io/security/cve-2017-4966"}, {"name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-4966", "datePublished": "2017-06-13T06:00:00", "dateReserved": "2016-12-29T00:00:00", "dateUpdated": "2024-08-05T14:47:44.070Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "0DE6A4B2-0445-470B-B18C-2CFEB2A52455", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "0B52805C-6F10-4BCD-AA74-3E0C0FF5E3C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "5FE2FBE9-5D35-4273-8B83-A400D3A0136D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B11709F3-3F1C-4FC2-9F2D-87951EC04308", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "32F9F3F6-B1AF-423F-9F96-4329589B323A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "AECBDFAA-198F-4A47-835A-4E17C090DF02", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "D879D6FD-39D7-4589-8DE7-C8DAAE6F165E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "CE842A15-D676-4E00-AAD7-1088CE122876", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "F40845F9-00D8-44F0-8B2E-60094A3D37CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "3772B181-64DB-43AA-99C1-21378CF91E51", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B58103B8-6CD1-4DA6-B5A3-D1289B95A951", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F57DA292-66F8-4BE5-AD3B-C4400D6D1A42", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "385A9C6F-7933-4681-985E-31D7CED8B0FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "6D7EC8A4-16CB-451F-B70B-BE232F1BCAF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "3BBF7FB2-3D52-45BE-813A-6F73DFAF9EC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "76B241B7-DE7C-4F95-A742-164020FCAED3", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "09429E70-C395-4E95-9C83-5BDC8083C0AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "9432656B-DB94-4E5F-83CB-38A9DA4FCA74", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "37CD714F-30CD-4254-AF41-DEBEA9053706", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "EEC4C125-7594-4960-BF88-977D3A95D6BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "1647A9D6-2D1F-461C-B0B8-B8A2FD9AB823", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.0:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "0DA89B77-6455-40CD-931E-BB07CD9A3166", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.1:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "52350E43-4AB5-45ED-AC31-CC948DB87631", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.2:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "42856F22-74CD-4278-8EAA-2C6582A7E658", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.3:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "F1C7EE64-A51B-4D02-AAC4-20F4D3FCB110", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.4:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "B0D8589A-B843-4130-8CC8-3D4C464CDB4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.5:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "62016F87-0B15-4D1B-A2AB-FC4769F95DB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.6:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "7DF99EF7-AFCB-4CA5-8F28-ABC9118612CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.7:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "2D9F3D8B-DDB3-4175-AAD7-8F952E9A7D2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.8:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "C5125B26-63EE-4FE8-97A1-DC6E11757ACA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.9:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "6AF3BAA0-0AEA-4B96-9C91-E51789844A39", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.10:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "DD5F0850-F34B-4E79-A46D-B74F2E90C43A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.11:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "DF23DD7D-16B4-408C-A825-C79487D79A0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.12:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "E792D92E-07A1-4E48-90CB-5EC7C99E0AF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.13:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "B873D04B-704B-468D-A2B1-8E04653806F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.14:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "13C9004B-590A-45F0-8AA9-713928A8F5F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.15:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "F22B84B3-438E-4E08-A02D-4A85C0C561B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.17:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "501A5F31-6DBA-4E90-8BAD-E1DFD0967D0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.18:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "3E99B39C-21AF-4F75-8D96-9B69F48C2A39", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.19:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "0CFACCBF-6C53-4A7F-AC0F-8A2D03E6D6EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "3C6E80B6-857B-4D53-B107-8667EFCCE0EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.1:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "95C7294C-C9D3-40F8-B3C9-40424D5FC124", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.2:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "66F85747-11AA-4133-B553-3C31152F0781", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.3:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "B425D53C-5713-401E-BE30-BCDE54F65857", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.4:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "758D57BA-3EA6-4036-8BDD-5BA2AAE25F77", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.5:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "036437B9-1A7F-4C60-B9FE-B38173BC6FAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.6:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "408D457F-4DE5-4280-8379-083DA78ECF00", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.7:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "C9D2B08D-9779-4E80-BAB6-870F81F24F7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.8:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "90F47590-6640-494F-8A93-A9AC70459DD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.9:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "5D1F88E0-4047-4ADE-A898-88FE6358D659", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.10:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "8647C50B-41CB-45CE-89E7-BB4B2759DE40", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.12:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "4960386C-07D9-4367-945C-278595DB6C0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.13:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "A49DCDFA-4D98-4AEC-91A1-612B85DDFB04", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.14:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "4FEB47ED-5D35-4151-B087-8324339DE5FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.15:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "65A513AD-9236-42D7-9D04-F318A5815640", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.16:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "6647F298-1B11-46D8-B68A-6B284BB1F7AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.0:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "9997C9C6-4918-4B74-92E4-012B58278DEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.2:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "F6DB5A36-22F9-4A2C-9ED0-68D1434B06D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.3:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "33C0370F-77A5-4A51-ABF2-21793CD57043", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.4:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "4C3C0A88-66F6-46D5-9A79-BEFB654979D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.5:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "1EC26CD6-172D-4DBE-8B23-59491E4765E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.6:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "669EA6CA-3F6C-4151-986D-173F1375B32B", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.7:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "69960839-7C03-4542-80D3-5C71795F8159", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.8:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "82CA3E75-AFD0-486A-9EFA-71A8CA780632", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.9:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "921374B4-B99F-4863-99D8-9FD938EF8EF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.10:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "C5344CFC-3100-4407-93E4-65594C3741B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.13:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "06B09408-573D-47A8-BC84-724DD88976E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.14:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "ADF54631-875A-45C4-9C0A-4836AB1F8309", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack."}, {"lang": "es", "value": "Se detect\u00f3 un problema en estas versiones de RabbitMQ de Pivotal: todas las versiones 3.4.x, todas las versiones 3.5.x y versiones 3.6.x anteriores a 3.6.9; y en estas versiones de RabbitMQ de Pivotal para PCF: todas las versiones 1.5.x, versiones 1.6.x anteriores a 1.6.18 y versiones 1.7.x anteriores a 1.7.15. La interfaz de usuario de administraci\u00f3n de RabbitMQ almacena las credenciales de los usuarios registrados en el almacenamiento local de un navegador sin expiraci\u00f3n, lo que hace posible recuperarlas mediante un ataque encadenado."}], "id": "CVE-2017-4966", "lastModified": "2022-05-15T14:13:59.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-13T06:29:00.503", "references": [{"source": "security_alert@emc.com", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"}, {"source": "security_alert@emc.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://pivotal.io/security/cve-2017-4966"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "rabbitmq: Authentication details are stored in browser-local storage without expiration", "id": "1448337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1448337"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-522", "details": ["An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack."], "name": "CVE-2017-4966", "package_state": [{"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:11", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat OpenStack Platform 11 (Ocata)"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}, {"cpe": "cpe:/a:redhat:rhscon:2", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat Storage Console 2"}], "public_date": "2017-03-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-4966\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-4966\nhttps://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_9"], "statement": "This issue affects rabbitmq-server plugins as shipped with:\n* Red Hat Storage Console 2\n* Red Hat Enterprise Linux OpenStack Platform 5,6,7\n* Red Hat OpenStack Platform 8,9,10,11\nAlthough RabbitMQ plugins are shipped in these products, no plugins are enabled or used by default. \nTo verify your environment's plugin usage, run: \n# rabbitmq-plugins list\nA future update may address this issue. Red Hat Product Security has rated this issue as having Moderate security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate", "upstream_fix": "rabbitmq-server 3.6.9"}