2017-06-13 08:29:00 2017-06-23 20:41:14

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.

Vector: LOCAL
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Pivotal software Rabbitmq 1.5.17 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.5.18 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.5.19 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal Software RabbitMQ 3.4.1
Pivotal software Rabbitmq 1.7.8 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.7.9 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.5.10 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.5.11 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.5.12 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.5.13 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.5.14 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.5.15 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.5.8 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.7.6 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.5.9 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.7.7 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal Software RabbitMQ 3.4.0
Pivotal software Rabbitmq 1.5.6 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.7.4 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.5.7 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.7.5 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal Software RabbitMQ 3.4.2
Pivotal software Rabbitmq 3.6.0 (not an official CPE)
Pivotal Software RabbitMQ 3.4.3
Pivotal software Rabbitmq 3.6.1 (not an official CPE)
Pivotal software Rabbitmq 3.4.4 (not an official CPE)
Pivotal software Rabbitmq 3.6.2 (not an official CPE)
Pivotal software Rabbitmq 3.5.5 (not an official CPE)
Pivotal software Rabbitmq 3.5.6 (not an official CPE)
Pivotal software Rabbitmq 3.5.7 (not an official CPE)
Pivotal software Rabbitmq 3.5.4 (not an official CPE)
Pivotal software Rabbitmq 1.6.10 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.6.13 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.6.12 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.6.15 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.6.14 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.6.16 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.5.0 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.5.1 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.5.4 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.7.2 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.5.5 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.7.3 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.5.2 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.7.0 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.5.3 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 3.5.0 (not an official CPE)
Pivotal software Rabbitmq 1.6.9 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.7.14 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.7.13 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.6.7 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.6.8 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.6.5 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.6.6 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 3.5.1 (not an official CPE)
Pivotal software Rabbitmq 3.5.2 (not an official CPE)
Pivotal software Rabbitmq 3.5.3 (not an official CPE)
Pivotal software Rabbitmq 3.6.4 (not an official CPE)
Pivotal software Rabbitmq 3.6.5 (not an official CPE)
Pivotal software Rabbitmq 3.6.6 (not an official CPE)
Pivotal software Rabbitmq 3.6.3 (not an official CPE)
Pivotal software Rabbitmq 3.6.7 (not an official CPE)
Pivotal software Rabbitmq 1.6.0 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.7.10 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.6.3 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.6.4 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.6.1 ~~~pivotal cloud foundry~~ (not an official CPE)
Pivotal software Rabbitmq 1.6.2 ~~~pivotal cloud foundry~~ (not an official CPE)

Advisory Patch Confirmed Link
https://pivotal.io/security/cve-2017-4966