Bug 1187819 - (CVE-2021-32719) VUL-0: CVE-2021-32719: rabbitmq-server: improper neutralization of script-related HTML tags in a web page (basic XSS) in federation management plugin
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Minor
Target Milestone: ---
Assigned To: Security Team bot
https://smash.suse.de/issue/303122/
CVSSv3.1:SUSE:CVE-2021-32719:3.1:(AV:...
Reported: 2021-06-29 10:17 UTC by Alexander Bergmann
Modified: 2021-10-09 22:18 UTC

Found By: Security Response Team

Description Alexander Bergmann 2021-06-29 10:17:37 UTC
rh#1977008

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.

Reference:
https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x

Upstream patch:
https://github.com/rabbitmq/rabbitmq-server/pull/3122

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1977008
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32719
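The flaw described above is a classic output-encoding gap: a string that an operator controls (the federation link's consumer tag) is dropped into the management page's markup verbatim. The following is an added illustration, not code from RabbitMQ or from the referenced patch, of the difference between the unescaped rendering and the hardened one. The `SAMPLE_LINK` object, its field names and the function names are constructed for the example; the only thing taken from the advisory is the idea that the consumer tag is rendered into the UI.

```javascript
// Added example (not RabbitMQ's own code): why a broker-supplied string such
// as a federation link's consumer tag must be HTML-escaped before it is
// inserted into the management UI's markup, plus a small check that flags
// the unescaped rendering. The link object and tag value are constructed.

// Constructed sample: a federation link whose consumer tag carries markup.
// Whoever can manage upstreams/policies chooses this value, so the browser
// must treat it as untrusted input.
const SAMPLE_LINK = {
  upstream: 'upstream-a',
  exchange: 'amq.direct',
  consumer_tag: 'federation-link-1<script>x</script>',
};

// Escape the five characters that are significant in HTML text and
// attribute context. '&' is handled first so later replacements are not
// double-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: plain concatenation puts the raw value into the
// markup, so any tag inside consumer_tag becomes part of the page.
function renderLinkRowUnsafe(link) {
  return '<tr><td>' + link.upstream + '</td><td>' + link.exchange +
         '</td><td>' + link.consumer_tag + '</td></tr>';
}

// Hardened pattern: every broker-supplied field goes through escapeHtml,
// so the same value is shown as literal text.
function renderLinkRowSafe(link) {
  return '<tr><td>' + escapeHtml(link.upstream) + '</td><td>' +
         escapeHtml(link.exchange) + '</td><td>' +
         escapeHtml(link.consumer_tag) + '</td></tr>';
}

// Regression-style check: the template only emits <tr> and <td>; any other
// tag in the rendered row must have come from unescaped data.
function hasUnexpectedTags(html) {
  const allowed = new Set(['tr', 'td']);
  const tagRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    if (!allowed.has(m[1].toLowerCase())) return true;
  }
  return false;
}

// Stand-alone demonstration when run directly with Node.
if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafe row :', renderLinkRowUnsafe(SAMPLE_LINK));
  console.log('safe row   :', renderLinkRowSafe(SAMPLE_LINK));
  console.log('unsafe has foreign tags:', hasUnexpectedTags(renderLinkRowUnsafe(SAMPLE_LINK)));
  console.log('safe has foreign tags  :', hasUnexpectedTags(renderLinkRowSafe(SAMPLE_LINK)));
}
```

The `hasUnexpectedTags` check is the kind of assertion a UI test suite can run over every rendered table row: it does not need to know which field was forgotten, only that the template's own tag set is the full set of tags in the output. Escaping at the point of insertion (or using a templating API that escapes by default) is the fix class the upstream patch belongs to; disabling the plugin, as the advisory suggests, removes the rendering path altogether.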
Comment 3 Danilo Spinella 2021-07-13 15:22:38 UTC
                | SLES11-SP3 | SLES15-SP2 | SLES15-SP3
rabbitmq-server |    2.8.7   |   3.8.3    |   3.8.11

It seems to me that the bug does not affect version 2.8.7. Can you please confirm?
Comment 4 Robert Frohl 2021-07-13 15:25:48 UTC
(In reply to Danilo Spinella from comment #3)
>                 | SLES11-SP3 | SLES15-SP2 | SLES15-SP3
> rabbitmq-server |    2.8.7   |   3.8.3    |   3.8.11
> 
> It seems to me that the bug does not affect version 2.8.7. Can you please
> confirm?

Still under support are these codestreams:

SUSE:SLE-12-SP2:Update:Products:Cloud7:Update/rabbitmq-server
SUSE:SLE-12-SP3:Update:Products:Cloud8:Update/rabbitmq-server
SUSE:SLE-12-SP4:Update:Products:Cloud9:Update/rabbitmq-server
SUSE:SLE-15-SP2:Update/rabbitmq-server
SUSE:SLE-15-SP3:Update/rabbitmq-server

SLES11-SP3 is not supported anymore.

For Cloud* it might be enough to re-assign to cloud-bugs@suse.de
Comment 6 Swamp Workflow Management 2021-09-29 19:18:05 UTC
SUSE-SU-2021:3254-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1185075,1186203,1187818,1187819
CVE References: CVE-2021-22116,CVE-2021-32718,CVE-2021-32719
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    rabbitmq-server-3.8.3-3.3.4

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2021-10-04 19:21:46 UTC
openSUSE-SU-2021:1334-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1185075,1186203,1187818,1187819
CVE References: CVE-2021-22116,CVE-2021-32718,CVE-2021-32719
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    rabbitmq-server-3.8.3-lp152.2.3.1
Comment 8 Swamp Workflow Management 2021-10-09 22:16:54 UTC
openSUSE-SU-2021:3325-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1185075,1186203,1187818,1187819
CVE References: CVE-2021-22116,CVE-2021-32718,CVE-2021-32719
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    rabbitmq-server-3.8.11-3.3.3
Comment 9 Swamp Workflow Management 2021-10-09 22:18:31 UTC
SUSE-SU-2021:3325-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1185075,1186203,1187818,1187819
CVE References: CVE-2021-22116,CVE-2021-32718,CVE-2021-32719
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    rabbitmq-server-3.8.11-3.3.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.