Bug 1187818 - (CVE-2021-32718) VUL-1: CVE-2021-32718: rabbitmq-server: improper neutralization of script-related HTML tags in a web page (basic XSS) in management UI
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low
Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/303121/
CVSSv3.1:SUSE:CVE-2021-32718:3.1:(AV:...
Depends on:
Blocks:
Reported: 2021-06-29 10:17 UTC by Alexander Bergmann
Modified: 2021-10-09 22:18 UTC (History)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Description Alexander Bergmann 2021-06-29 10:17:35 UTC
rh#1977002

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's name being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring.

Reference:
https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772

Upstream patch:
https://github.com/rabbitmq/rabbitmq-server/pull/3028

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1977002
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32718
https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772
https://github.com/rabbitmq/rabbitmq-server/pull/3028
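The defect class described above (a user-supplied name spliced unescaped into a confirmation message) and the escaping fix, as an added illustration that is not code from RabbitMQ or from the upstream patch; the template text, the helper names and the sample user name are assumptions made for this example.

```javascript
// Added example (not from RabbitMQ or the advisory): the defensive pattern for
// CVE-2021-32718's bug class. A user-supplied name must be HTML-escaped (or set
// via a text node) before it is placed inside a confirmation message in the page.

// Escape the five characters that can change HTML structure or attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable pattern: the raw name is concatenated into markup, so a name that
// contains a <script> tag (or an on* attribute) becomes live HTML in the page.
function confirmationHtmlUnsafe(userName) {
  return '<p>Added user ' + userName + '</p>';
}

// Fixed pattern: every user-controlled fragment is escaped before concatenation.
function confirmationHtmlSafe(userName) {
  return '<p>Added user ' + escapeHtml(userName) + '</p>';
}

// Regression check a reviewer can run over rendered output: after escaping, the
// markup must contain no tag other than the fixed template's own <p> and </p>.
function containsOnlyTemplateTags(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.every((t) => t === '<p>' || t === '</p>');
}

// Constructed sample input (hypothetical user name embedding a script tag).
const SAMPLE_NAME = 'alice<script>x</script>';
```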
Comment 3 Swamp Workflow Management 2021-09-29 19:17:59 UTC
SUSE-SU-2021:3254-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1185075,1186203,1187818,1187819
CVE References: CVE-2021-22116,CVE-2021-32718,CVE-2021-32719
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    rabbitmq-server-3.8.3-3.3.4

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 4 Swamp Workflow Management 2021-10-04 19:21:41 UTC
openSUSE-SU-2021:1334-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1185075,1186203,1187818,1187819
CVE References: CVE-2021-22116,CVE-2021-32718,CVE-2021-32719
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    rabbitmq-server-3.8.3-lp152.2.3.1
Comment 5 Swamp Workflow Management 2021-10-09 22:16:47 UTC
openSUSE-SU-2021:3325-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1185075,1186203,1187818,1187819
CVE References: CVE-2021-22116,CVE-2021-32718,CVE-2021-32719
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    rabbitmq-server-3.8.11-3.3.3
Comment 6 Swamp Workflow Management 2021-10-09 22:18:24 UTC
SUSE-SU-2021:3325-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1185075,1186203,1187818,1187819
CVE References: CVE-2021-22116,CVE-2021-32718,CVE-2021-32719
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    rabbitmq-server-3.8.11-3.3.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.