CVE-2020-5419: RabbitMQ arbitrary code execution using local binary planting
Severity
Medium
Vendor
VMware
Description
RabbitMQ all versions prior to 3.7.28 and 3.8.x versions prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code. VMware Tanzu RabbitMQ products are not impacted as they don't use the Windows version of RabbitMQ.
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
-
RabbitMQ
- All versions prior to v3.7.28
- 3.8.x versions prior to v3.8.7
Mitigation
Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include:
-
RabbitMQ
- v3.7.28
- v3.8.7
Credit
Ofir Hamam and Tomer Hadad at Ernst & Young's Hacktics Advanced Security Center
References
- https://github.com/rabbitmq/rabbitmq-server/releases/tag/v3.8.7
- https://tanzu.vmware.com/security/cve-2020-5419
History
2020-08-27: Initial vulnerability report published.