CVE-2020-5419: RabbitMQ arbitrary code execution using local binary planting
23927
27 August 2020
27 August 2020
CLOSED
MEDIUM
CVE-2020-5419
Severity
Medium
Vendor
VMware
Description
All RabbitMQ versions prior to 3.7.28, and 3.8.x versions prior to 3.8.7, are prone to a Windows-specific binary planting vulnerability that allows arbitrary code execution. An attacker with local access on Windows and write privileges to the RabbitMQ installation directory could carry out a local binary hijacking (planting) attack and execute arbitrary code. VMware Tanzu RabbitMQ products are not impacted as they don't use the Windows version of RabbitMQ.
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- RabbitMQ
  - All versions prior to v3.7.28
  - 3.8.x versions prior to v3.8.7
Mitigation
- RabbitMQ
  - v3.7.28
  - v3.8.7
Credit
Ofir Hamam and Tomer Hadad at Ernst & Young's Hacktics Advanced Security Center
References
- https://github.com/rabbitmq/rabbitmq-server/releases/tag/v3.8.7
- https://tanzu.vmware.com/security/cve-2020-5419
History
2020-08-27: Initial vulnerability report published.