CVE-2017-4966
- Source
- https://cve.org/CVERecord?id=CVE-2017-4966
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-4966.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-4966
- Downstream
- Published
- 2017-06-13T06:29:00.503Z
- Modified
- 2026-05-28T04:04:03.406593430Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.
- Database specific
{ "unresolved_ranges": [ { "vendor_product": "debian:debian_linux", "extracted_events": [ { "last_affected": "9.0" } ], "cpes": [ "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ], "source": "CPE_STRING" }, { "vendor_product": "pivotal_software:rabbitmq", "extracted_events": [ { "last_affected": "1.5.6" }, { "last_affected": "1.5.7" }, { "last_affected": "1.5.8" }, { "last_affected": "1.5.9" }, { "last_affected": "1.5.10" }, { "last_affected": "1.5.11" }, { "last_affected": "1.5.12" }, { "last_affected": "1.5.13" }, { "last_affected": "1.5.14" }, { "last_affected": "1.5.15" }, { "last_affected": "1.5.17" }, { "last_affected": "1.5.18" }, { "last_affected": "1.5.19" }, { "last_affected": "1.6.1" }, { "last_affected": "1.6.2" }, { "last_affected": "1.6.3" }, { "last_affected": "1.6.4" }, { "last_affected": "1.6.5" }, { "last_affected": "1.6.6" }, { "last_affected": "1.6.7" }, { "last_affected": "1.6.8" }, { "last_affected": "1.6.9" }, { "last_affected": "1.6.10" }, { "last_affected": "1.6.12" }, { "last_affected": "1.6.13" }, { "last_affected": "1.6.14" }, { "last_affected": "1.6.15" }, { "last_affected": "1.6.16" }, { "last_affected": "1.7.3" }, { "last_affected": "1.7.4" }, { "last_affected": "1.7.5" }, { "last_affected": "1.7.6" }, { "last_affected": "1.7.7" }, { "last_affected": "1.7.8" }, { "last_affected": "1.7.9" }, { "last_affected": "1.7.10" }, { "last_affected": "1.7.13" }, { "last_affected": "1.7.14" } ], "cpes": [ "cpe:2.3:a:pivotal_software:rabbitmq:1.5.10:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.11:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.12:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.13:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.14:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.15:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.17:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.18:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.19:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.6:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.7:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.8:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.9:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.6.10:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.6.12:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.6.13:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.6.14:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.6.15:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.6.16:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.6.1:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.6.2:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.6.3:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.6.4:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.6.5:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.6.6:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.6.7:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.6.8:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.6.9:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.7.10:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.7.13:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.7.14:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.7.3:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.7.4:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.7.5:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.7.6:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.7.7:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.7.8:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.7.9:*:*:*:*:pivotal_cloud_foundry:*:*" ], "source": "CPE_STRING" } ] }- References
Affected packages
Git / github.com/rabbitmq/rabbitmq-server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/rabbitmq/rabbitmq-server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "last_affected": "3.4.0" }, { "last_affected": "3.4.1" }, { "last_affected": "3.4.2" }, { "last_affected": "3.4.3" }, { "last_affected": "3.4.4" }, { "last_affected": "3.5.0" }, { "last_affected": "3.5.1" }, { "last_affected": "3.5.2" }, { "last_affected": "3.5.3" }, { "last_affected": "3.5.6" }, { "last_affected": "3.6.7" }, { "last_affected": "3.5.4" }, { "last_affected": "3.5.5" }, { "last_affected": "3.5.7" }, { "last_affected": "3.6.0" }, { "last_affected": "3.6.1" }, { "last_affected": "3.6.2" }, { "last_affected": "3.6.3" }, { "last_affected": "3.6.4" }, { "last_affected": "3.6.5" }, { "last_affected": "3.6.6" }, { "last_affected": "1.5.0" }, { "last_affected": "1.5.1" }, { "last_affected": "1.5.2" }, { "last_affected": "1.5.3" }, { "last_affected": "1.5.4" }, { "last_affected": "1.5.5" }, { "last_affected": "1.6.0" }, { "last_affected": "1.7.0" }, { "last_affected": "1.7.2" } ], "cpe": [ "cpe:2.3:a:broadcom:rabbitmq_server:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:broadcom:rabbitmq_server:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:broadcom:rabbitmq_server:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:broadcom:rabbitmq_server:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:broadcom:rabbitmq_server:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:broadcom:rabbitmq_server:3.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:broadcom:rabbitmq_server:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:broadcom:rabbitmq_server:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:broadcom:rabbitmq_server:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:broadcom:rabbitmq_server:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:broadcom:rabbitmq_server:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.0:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.1:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.2:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.3:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.4:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.5.5:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.7.0:*:*:*:*:pivotal_cloud_foundry:*:*", "cpe:2.3:a:pivotal_software:rabbitmq:1.7.2:*:*:*:*:pivotal_cloud_foundry:*:*" ], "source": "CPE_STRING" }
Affected versions
Other
rabbitmq_v1_4_0
rabbitmq_v1_5_0
rabbitmq_v1_5_1
rabbitmq_v1_5_2
rabbitmq_v1_5_3
rabbitmq_v1_5_4
rabbitmq_v1_5_5
rabbitmq_v1_6_0
rabbitmq_v1_7_0
rabbitmq_v1_7_2
rabbitmq_v1_8_1
rabbitmq_v2_4_0
rabbitmq_v2_7_1
rabbitmq_v2_8_0
rabbitmq_v3_0_0
rabbitmq_v3_0_1
rabbitmq_v3_0_2
rabbitmq_v3_0_3
rabbitmq_v3_0_4
rabbitmq_v3_1_1
rabbitmq_v3_1_2
rabbitmq_v3_1_3
rabbitmq_v3_1_4
rabbitmq_v3_1_5
rabbitmq_v3_2_1
rabbitmq_v3_2_2
rabbitmq_v3_2_3
rabbitmq_v3_2_4
rabbitmq_v3_3_0
rabbitmq_v3_3_1
rabbitmq_v3_3_2
rabbitmq_v3_3_3
rabbitmq_v3_3_4
rabbitmq_v3_3_5
rabbitmq_v3_4_0
rabbitmq_v3_4_1
rabbitmq_v3_4_2
rabbitmq_v3_4_3
rabbitmq_v3_4_4
rabbitmq_v3_5_0
rabbitmq_v3_5_1
rabbitmq_v3_5_2
rabbitmq_v3_5_3
rabbitmq_v3_5_4
rabbitmq_v3_5_4_rc1
rabbitmq_v3_5_4_rc2
rabbitmq_v3_5_5
rabbitmq_v3_5_5_rc1
rabbitmq_v3_5_5_rc2
rabbitmq_v3_5_6
rabbitmq_v3_5_7
rabbitmq_v3_5_7_rc1
rabbitmq_v3_5_7_rc2
rabbitmq_v3_6_0
rabbitmq_v3_6_0_milestone1
rabbitmq_v3_6_0_milestone2
rabbitmq_v3_6_0_milestone3
rabbitmq_v3_6_0_rc1
rabbitmq_v3_6_0_rc2
rabbitmq_v3_6_0_rc3
rabbitmq_v3_6_1
rabbitmq_v3_6_1_rc1
rabbitmq_v3_6_1_rc2
rabbitmq_v3_6_2
rabbitmq_v3_6_2_milestone1
rabbitmq_v3_6_2_milestone2
rabbitmq_v3_6_2_milestone3
rabbitmq_v3_6_2_milestone4
rabbitmq_v3_6_2_milestone5
rabbitmq_v3_6_2_rc1
rabbitmq_v3_6_2_rc2
rabbitmq_v3_6_2_rc3
rabbitmq_v3_6_2_rc4
rabbitmq_v3_6_3
rabbitmq_v3_6_3_milestone1
rabbitmq_v3_6_3_milestone2
rabbitmq_v3_6_3_rc1
rabbitmq_v3_6_3_rc2
rabbitmq_v3_6_3_rc3
rabbitmq_v3_6_4
rabbitmq_v3_6_4_milestone1
rabbitmq_v3_6_4_milestone2
rabbitmq_v3_6_4_rc1
rabbitmq_v3_6_5
rabbitmq_v3_6_5_milestone1
rabbitmq_v3_6_5_milestone2
rabbitmq_v3_6_6
rabbitmq_v3_6_6_milestone1
rabbitmq_v3_6_6_milestone2
rabbitmq_v3_6_6_milestone3
rabbitmq_v3_6_6_milestone4
rabbitmq_v3_6_6_milestone5
rabbitmq_v3_6_6_rc1
rabbitmq_v3_6_6_rc2
rabbitmq_v3_6_7
rabbitmq_v3_6_7_milestone1
rabbitmq_v3_6_7_milestone2
rabbitmq_v3_6_7_milestone3
rabbitmq_v3_6_7_milestone4
rabbitmq_v3_6_7_milestone5
rabbitmq_v3_6_7_milestone6
rabbitmq_v3_6_7_rc1
rabbitmq_v3_6_7_rc2
rabbitmq_v3_6_7_rc3
rabbitmq_v3_6_8
rabbitmq_v3_7_0_milestone6