All Vulnerability Reports

CVE-2020-5419: RabbitMQ arbitrary code execution using local binary planting


Severity

Medium

Vendor

VMware

Description

RabbitMQ all versions prior to 3.7.28 and 3.8.x versions prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code. VMware Tanzu RabbitMQ products are not impacted as they don't use the Windows version of RabbitMQ.

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

  • RabbitMQ
    • All versions prior to v3.7.28
    • 3.8.x versions prior to v3.8.7

Mitigation

Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include:

  • RabbitMQ
    • v3.7.28
    • v3.8.7

Credit

Ofir Hamam and Tomer Hadad at Ernst & Young's Hacktics Advanced Security Center

References

History

2020-08-27: Initial vulnerability report published.