Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1279

Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster.

Published

2018-12-10T19:29:25.127

Last Modified

2024-11-21T03:59:31.903

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.5 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:P/I:N/A:N

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

6.5

Impact Score

2.9

Weaknesses

Type: Primary
CWE-330

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pivotal_software	rabbitmq	*	Yes

References

https://pivotal.io/security/cve-2018-1279 Mitigation, Vendor Advisory ([email protected])
https://pivotal.io/security/cve-2018-1279 Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)