CVE-2017-4966

{"id": "CVE-2017-4966", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-06-13T06:29:00.503", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html", "tags": ["Third Party Advisory"], "source": "security_alert@emc.com"}, {"url": "https://pivotal.io/security/cve-2017-4966", "tags": ["Mitigation", "Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://pivotal.io/security/cve-2017-4966", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack."}, {"lang": "es", "value": "Se detect\u00f3 un problema en estas versiones de RabbitMQ de Pivotal: todas las versiones 3.4.x, todas las versiones 3.5.x y versiones 3.6.x anteriores a 3.6.9; y en estas versiones de RabbitMQ de Pivotal para PCF: todas las versiones 1.5.x, versiones 1.6.x anteriores a 1.6.18 y versiones 1.7.x anteriores a 1.7.15. La interfaz de usuario de administraci\u00f3n de RabbitMQ almacena las credenciales de los usuarios registrados en el almacenamiento local de un navegador sin expiraci\u00f3n, lo que hace posible recuperarlas mediante un ataque encadenado."}], "lastModified": "2024-11-21T03:26:46.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DE6A4B2-0445-470B-B18C-2CFEB2A52455"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B52805C-6F10-4BCD-AA74-3E0C0FF5E3C2"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FE2FBE9-5D35-4273-8B83-A400D3A0136D"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B11709F3-3F1C-4FC2-9F2D-87951EC04308"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32F9F3F6-B1AF-423F-9F96-4329589B323A"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AECBDFAA-198F-4A47-835A-4E17C090DF02"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D879D6FD-39D7-4589-8DE7-C8DAAE6F165E"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE842A15-D676-4E00-AAD7-1088CE122876"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F40845F9-00D8-44F0-8B2E-60094A3D37CE"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3772B181-64DB-43AA-99C1-21378CF91E51"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B58103B8-6CD1-4DA6-B5A3-D1289B95A951"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F57DA292-66F8-4BE5-AD3B-C4400D6D1A42"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "385A9C6F-7933-4681-985E-31D7CED8B0FD"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D7EC8A4-16CB-451F-B70B-BE232F1BCAF5"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BBF7FB2-3D52-45BE-813A-6F73DFAF9EC6"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76B241B7-DE7C-4F95-A742-164020FCAED3"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09429E70-C395-4E95-9C83-5BDC8083C0AE"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9432656B-DB94-4E5F-83CB-38A9DA4FCA74"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37CD714F-30CD-4254-AF41-DEBEA9053706"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEC4C125-7594-4960-BF88-977D3A95D6BC"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1647A9D6-2D1F-461C-B0B8-B8A2FD9AB823"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.0:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "0DA89B77-6455-40CD-931E-BB07CD9A3166"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.1:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "52350E43-4AB5-45ED-AC31-CC948DB87631"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.2:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "42856F22-74CD-4278-8EAA-2C6582A7E658"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.3:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "F1C7EE64-A51B-4D02-AAC4-20F4D3FCB110"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.4:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "B0D8589A-B843-4130-8CC8-3D4C464CDB4D"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.5:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "62016F87-0B15-4D1B-A2AB-FC4769F95DB7"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.6:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "7DF99EF7-AFCB-4CA5-8F28-ABC9118612CE"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.7:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "2D9F3D8B-DDB3-4175-AAD7-8F952E9A7D2C"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.8:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "C5125B26-63EE-4FE8-97A1-DC6E11757ACA"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.9:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "6AF3BAA0-0AEA-4B96-9C91-E51789844A39"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.10:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "DD5F0850-F34B-4E79-A46D-B74F2E90C43A"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.11:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "DF23DD7D-16B4-408C-A825-C79487D79A0F"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.12:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "E792D92E-07A1-4E48-90CB-5EC7C99E0AF0"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.13:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "B873D04B-704B-468D-A2B1-8E04653806F3"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.14:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "13C9004B-590A-45F0-8AA9-713928A8F5F2"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.15:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "F22B84B3-438E-4E08-A02D-4A85C0C561B6"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.17:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "501A5F31-6DBA-4E90-8BAD-E1DFD0967D0F"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.18:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "3E99B39C-21AF-4F75-8D96-9B69F48C2A39"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.19:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "0CFACCBF-6C53-4A7F-AC0F-8A2D03E6D6EE"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "3C6E80B6-857B-4D53-B107-8667EFCCE0EA"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.1:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "95C7294C-C9D3-40F8-B3C9-40424D5FC124"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.2:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "66F85747-11AA-4133-B553-3C31152F0781"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.3:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "B425D53C-5713-401E-BE30-BCDE54F65857"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.4:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "758D57BA-3EA6-4036-8BDD-5BA2AAE25F77"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.5:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "036437B9-1A7F-4C60-B9FE-B38173BC6FAB"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.6:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "408D457F-4DE5-4280-8379-083DA78ECF00"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.7:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "C9D2B08D-9779-4E80-BAB6-870F81F24F7E"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.8:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "90F47590-6640-494F-8A93-A9AC70459DD5"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.9:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "5D1F88E0-4047-4ADE-A898-88FE6358D659"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.10:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "8647C50B-41CB-45CE-89E7-BB4B2759DE40"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.12:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "4960386C-07D9-4367-945C-278595DB6C0A"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.13:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "A49DCDFA-4D98-4AEC-91A1-612B85DDFB04"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.14:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "4FEB47ED-5D35-4151-B087-8324339DE5FE"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.15:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "65A513AD-9236-42D7-9D04-F318A5815640"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.16:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "6647F298-1B11-46D8-B68A-6B284BB1F7AD"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.0:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "9997C9C6-4918-4B74-92E4-012B58278DEC"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.2:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "F6DB5A36-22F9-4A2C-9ED0-68D1434B06D0"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.3:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "33C0370F-77A5-4A51-ABF2-21793CD57043"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.4:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "4C3C0A88-66F6-46D5-9A79-BEFB654979D6"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.5:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "1EC26CD6-172D-4DBE-8B23-59491E4765E1"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.6:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "669EA6CA-3F6C-4151-986D-173F1375B32B"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.7:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "69960839-7C03-4542-80D3-5C71795F8159"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.8:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "82CA3E75-AFD0-486A-9EFA-71A8CA780632"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.9:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "921374B4-B99F-4863-99D8-9FD938EF8EF0"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.10:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "C5344CFC-3100-4407-93E4-65594C3741B5"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.13:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "06B09408-573D-47A8-BC84-724DD88976E4"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.14:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "ADF54631-875A-45C4-9C0A-4836AB1F8309"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}