CVE-2017-4966

Source
https://cve.org/CVERecord?id=CVE-2017-4966
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-4966.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-4966
Downstream
Published
2017-06-13T06:29:00.503Z
Modified
2026-04-09T05:46:43.974618Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.

References

Affected packages

Git / github.com/rabbitmq/rabbitmq-server

Affected ranges

Type
GIT
Repo
https://github.com/rabbitmq/rabbitmq-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.4.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.4.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.4.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.4.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.6.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.6.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.6.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.6.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.6.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.6.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.6.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.7.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.7.2"
        }
    ]
}

Affected versions

Other
rabbitmq_v1_4_0
rabbitmq_v1_5_0
rabbitmq_v1_5_1
rabbitmq_v1_5_2
rabbitmq_v1_5_3
rabbitmq_v1_5_4
rabbitmq_v1_5_5
rabbitmq_v1_6_0
rabbitmq_v1_7_0
rabbitmq_v1_7_2
rabbitmq_v1_8_1
rabbitmq_v2_4_0
rabbitmq_v2_7_1
rabbitmq_v2_8_0
rabbitmq_v3_0_0
rabbitmq_v3_0_1
rabbitmq_v3_0_2
rabbitmq_v3_0_3
rabbitmq_v3_0_4
rabbitmq_v3_1_1
rabbitmq_v3_1_2
rabbitmq_v3_1_3
rabbitmq_v3_1_4
rabbitmq_v3_1_5
rabbitmq_v3_2_1
rabbitmq_v3_2_2
rabbitmq_v3_2_3
rabbitmq_v3_2_4
rabbitmq_v3_3_0
rabbitmq_v3_3_1
rabbitmq_v3_3_2
rabbitmq_v3_3_3
rabbitmq_v3_3_4
rabbitmq_v3_3_5
rabbitmq_v3_4_0
rabbitmq_v3_4_1
rabbitmq_v3_4_2
rabbitmq_v3_4_3
rabbitmq_v3_4_4
rabbitmq_v3_5_0
rabbitmq_v3_5_1
rabbitmq_v3_5_2
rabbitmq_v3_5_3
rabbitmq_v3_5_4
rabbitmq_v3_5_4_rc1
rabbitmq_v3_5_4_rc2
rabbitmq_v3_5_5
rabbitmq_v3_5_5_rc1
rabbitmq_v3_5_5_rc2
rabbitmq_v3_5_6
rabbitmq_v3_5_7
rabbitmq_v3_5_7_rc1
rabbitmq_v3_5_7_rc2
rabbitmq_v3_6_0
rabbitmq_v3_6_0_milestone1
rabbitmq_v3_6_0_milestone2
rabbitmq_v3_6_0_milestone3
rabbitmq_v3_6_0_rc1
rabbitmq_v3_6_0_rc2
rabbitmq_v3_6_0_rc3
rabbitmq_v3_6_1
rabbitmq_v3_6_1_rc1
rabbitmq_v3_6_1_rc2
rabbitmq_v3_6_2
rabbitmq_v3_6_2_milestone1
rabbitmq_v3_6_2_milestone2
rabbitmq_v3_6_2_milestone3
rabbitmq_v3_6_2_milestone4
rabbitmq_v3_6_2_milestone5
rabbitmq_v3_6_2_rc1
rabbitmq_v3_6_2_rc2
rabbitmq_v3_6_2_rc3
rabbitmq_v3_6_2_rc4
rabbitmq_v3_6_3
rabbitmq_v3_6_3_milestone1
rabbitmq_v3_6_3_milestone2
rabbitmq_v3_6_3_rc1
rabbitmq_v3_6_3_rc2
rabbitmq_v3_6_3_rc3
rabbitmq_v3_6_4
rabbitmq_v3_6_4_milestone1
rabbitmq_v3_6_4_milestone2
rabbitmq_v3_6_4_rc1
rabbitmq_v3_6_5
rabbitmq_v3_6_5_milestone1
rabbitmq_v3_6_5_milestone2
rabbitmq_v3_6_6
rabbitmq_v3_6_6_milestone1
rabbitmq_v3_6_6_milestone2
rabbitmq_v3_6_6_milestone3
rabbitmq_v3_6_6_milestone4
rabbitmq_v3_6_6_milestone5
rabbitmq_v3_6_6_rc1
rabbitmq_v3_6_6_rc2
rabbitmq_v3_6_7
rabbitmq_v3_6_7_milestone1
rabbitmq_v3_6_7_milestone2
rabbitmq_v3_6_7_milestone3
rabbitmq_v3_6_7_milestone4
rabbitmq_v3_6_7_milestone5
rabbitmq_v3_6_7_milestone6
rabbitmq_v3_6_7_rc1
rabbitmq_v3_6_7_rc2
rabbitmq_v3_6_7_rc3
rabbitmq_v3_6_8
rabbitmq_v3_7_0_milestone6

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.5.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.5.7"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.5.8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.5.9"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.5.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.5.11"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.5.12"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.5.13"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.5.14"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.5.15"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.5.17"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.5.18"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.5.19"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.6.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.6.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.6.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.6.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.6.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.6.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.6.7"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.6.8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.6.9"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.6.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.6.12"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.6.13"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.6.14"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.6.15"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.6.16"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.7.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.7.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.7.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.7.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.7.7"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.7.8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.7.9"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.7.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.7.13"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.7.14"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-4966.json"