CVE-2021-22117: Code Injection
First published: Tue May 18 2021(Updated: )
RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Vmware Rabbitmq | >=3.8.0<3.8.16 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-22117?
CVE-2021-22117 is a vulnerability in RabbitMQ installers on Windows prior to version 3.8.16 that allows attackers with sufficient local filesystem permissions to add arbitrary plugins.
What is the severity of CVE-2021-22117?
CVE-2021-22117 has a severity rating of 7.8 (high).
How can this vulnerability impact me?
If you are using RabbitMQ installers on Windows prior to version 3.8.16, this vulnerability can allow attackers to add arbitrary plugins by exploiting insufficiently hardened plugin directory permissions.
How do I fix CVE-2021-22117?
To fix CVE-2021-22117, you should update RabbitMQ to version 3.8.16 or later, which includes the necessary hardening of plugin directory permissions.
Where can I find more information about CVE-2021-22117?
You can find more information about CVE-2021-22117 at the following reference: [https://tanzu.vmware.com/security/cve-2021-22117](https://tanzu.vmware.com/security/cve-2021-22117).
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware rabbitmq
- version/vmware rabbitmq/3.8.0
- vendor/microsoft
- canonical/microsoft windows