RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-SUSE-FU-2024:2078-1 advisory.

    rabbitmq-server was implemented with a parallel versioned RPM package at version 3.13.1 (jsc#PED-8414):

    - Security issues fixed:

      * CVE-2021-22116: Fixed improper input validation that may lead to Denial of Sercice (DoS) attacks     (bsc#1186203)
      * CVE-2021-32718, CVE-2021-32719: Fixed potential for JavaScript code execution in the management UI         (bsc#1187818, bsc#1187819)
      * CVE-2022-31008: Fixed encryption key used to encrypt the URI was seeded with a predictable secret     (bsc#1205267)
      * CVE-2023-46118: Fixed HTTP API vulnerability for denial of service (DoS) attacks with very large     messages         (bsc#1216582)

    - Other bugs fixed:

      * Fixed RabbitMQ maintenance status issue (bsc#1199431)
      * Provide user/group for RPM 4.19 (bsc#1219532)
      * Fixed `rabbitmqctl` command for `add_user` (bsc#1222591)
      * Added hardening to systemd service(s) (bsc#1181400)
      * Use /run instead of deprecated /var/run in tmpfiles.conf (bsc#1185075)

    - For the full list of upstream changes of this update between version 3.8.11 and 3.13.1 please consult:

      * https://www.rabbitmq.com/release-information

    erlang26:

    - Provide RPM package as it's a dependency of rabbitmq-server313 (jsc#PED-8414)

    elixir115:

    - Provide RPM package as needed in some cases by rabbitmq-server313 (jsc#PED-8414)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3325-1 advisory.

  - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input     validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by     sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
    (CVE-2021-22116)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user     being added via management UI could lead to the user's bane being rendered in a confirmation message     without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the     context of the page. In order for this to occur, the user must be signed in and have elevated permissions     (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable     `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for     metrics and monitoring. (CVE-2021-32718)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a     federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management`     plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows     for JavaScript code execution in the context of the page. The user must be signed in and have elevated     permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in     RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI     tools](https://www.rabbitmq.com/cli.html) instead. (CVE-2021-32719)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3325-1 advisory.

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a     federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management`     plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows     for JavaScript code execution in the context of the page. The user must be signed in and have elevated     permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in     RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI     tools](https://www.rabbitmq.com/cli.html) instead. (CVE-2021-32719)

  - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input     validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by     sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
    (CVE-2021-22116)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user     being added via management UI could lead to the user's bane being rendered in a confirmation message     without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the     context of the page. In order for this to occur, the user must be signed in and have elevated permissions     (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable     `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for     metrics and monitoring. (CVE-2021-32718)

In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1334-1 advisory.

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a     federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management`     plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows     for JavaScript code execution in the context of the page. The user must be signed in and have elevated     permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in     RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI     tools](https://www.rabbitmq.com/cli.html) instead. (CVE-2021-32719)

  - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input     validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by     sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
    (CVE-2021-22116)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user     being added via management UI could lead to the user's bane being rendered in a confirmation message     without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the     context of the page. In order for this to occur, the user must be signed in and have elevated permissions     (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable     `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for     metrics and monitoring. (CVE-2021-32718)

In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3254-1 advisory.

  - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input     validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by     sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
    (CVE-2021-22116)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user     being added via management UI could lead to the user's bane being rendered in a confirmation message     without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the     context of the page. In order for this to occur, the user must be signed in and have elevated permissions     (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable     `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for     metrics and monitoring. (CVE-2021-32718)

  - RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a     federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management`     plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows     for JavaScript code execution in the context of the page. The user must be signed in and have elevated     permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in     RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI     tools](https://www.rabbitmq.com/cli.html) instead. (CVE-2021-32719)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2710 advisory.

  - An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and     3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions     prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are     vulnerable to XSS attacks. (CVE-2017-4965, CVE-2017-4967)

  - An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and     3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions     prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user     credentials in a browser's local storage without expiration, making it possible to retrieve them using a     chained attack. (CVE-2017-4966)

  - Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13,     versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual     host limits page, and the federation management UI, which do not properly sanitize user input. A remote     authenticated malicious user with administrative access could craft a cross site scripting attack that     would gain access to virtual hosts and policy management information. (CVE-2019-11281)

  - Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal     Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management     plugin that is vulnerable to a denial of service attack. The X-Reason HTTP Header can be leveraged to     insert a malicious Erlang format string that will expand and consume the heap, resulting in the server     crashing. (CVE-2019-11287)

  - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input     validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by     sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
    (CVE-2021-22116)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Jonathon Knudsen of Synopsys Cybersecurity Research Center reports :

All versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious client can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5004-1 advisory.

    It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this     issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS.
    (CVE-2019-11287)

    Jonathan Knudsen discovered RabbitMQ incorrectly handled certain inputs. An attacker could possibly use     this issue to cause a denial of service. (CVE-2021-22116)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Pivotal RabbitMQ versions 3.8.x prior to 3.8.16 are affected by a denial of service (DoS) vulnerability due to improper input validation. A remote attacker can exploit this by sending malicious AMQP messages in order to cause a crash.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
200752	SUSE SLES15 / openSUSE 15 : Feature update for rabbitmq-server313, erlang26, elixir115 (SUSE-SU-SUSE-FU-2024:2078-1)	Nessus	SuSE Local Security Checks	high
153969	SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3325-1)	Nessus	SuSE Local Security Checks	medium
153968	openSUSE 15 Security Update : rabbitmq-server (openSUSE-SU-2021:3325-1)	Nessus	SuSE Local Security Checks	medium
153874	openSUSE 15 Security Update : rabbitmq-server (openSUSE-SU-2021:1334-1)	Nessus	SuSE Local Security Checks	medium
153798	SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3254-1)	Nessus	SuSE Local Security Checks	medium
152075	Debian DLA-2710-1 : rabbitmq-server - LTS security update	Nessus	Debian Local Security Checks	high
151121	FreeBSD : RabbitMQ -- Denial of Service via improper input validation (7003b62d-7252-46ff-a9df-1b1900f1e65b)	Nessus	FreeBSD Local Security Checks	high
150995	Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : RabbitMQ vulnerabilities (USN-5004-1)	Nessus	Ubuntu Local Security Checks	high
149704	Pivotal RabbitMQ 3.8.x < 3.8.16 DoS	Nessus	Misc.	high

Detections

Analytics

CVE-2021-22116

high

Tenable Plugins

high

medium

medium

medium

medium

high

high

high

high