{"id":"USN-7143-1","summary":"rabbitmq-server vulnerabilities","details":"Christian Rellmann discovered that RabbitMQ Server did not properly\nsanitize user input when adding a new user via the management UI. An\nattacker could possibly use this issue to perform cross site scripting and\nobtain sensitive information. (CVE-2021-32718)\n\nFahimhusain Raydurg discovered that RabbitMQ Server did not properly\nsanitize user input when using the federation management plugin. An\nattacker could possibly use this issue to perform cross site scripting and\nobtain sensitive information. (CVE-2021-32719)\n","modified":"2026-02-10T04:45:56Z","published":"2024-12-09T14:37:21Z","related":["UBUNTU-CVE-2021-32718","UBUNTU-CVE-2021-32719"],"upstream":["CVE-2021-32718","CVE-2021-32719","UBUNTU-CVE-2021-32718","UBUNTU-CVE-2021-32719"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7143-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-32718"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-32719"}],"affected":[{"package":{"name":"rabbitmq-server","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/rabbitmq-server@3.8.3-0ubuntu0.2?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.3-0ubuntu0.2"}]}],"versions":["3.7.8-4ubuntu2","3.7.18-1","3.8.2-0ubuntu1","3.8.2-0ubuntu1.1","3.8.2-0ubuntu1.2","3.8.2-0ubuntu1.3","3.8.2-0ubuntu1.4","3.8.2-0ubuntu1.5","3.8.3-0ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.8.3-0ubuntu0.2","binary_name":"rabbitmq-server"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2021-32718"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2021-32719"}],"ecosystem":"Ubuntu:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7143-1.json"}}],"schema_version":"1.7.3"}