CVE-2016-0929 RabbitMQ for PCF vulnerability
Severity
High
Vendor
Pivotal
Versions Affected
- RabbitMQ for PCF versions 1.6.0 - 1.6.3
Description
If the command used to collect metrics from RabbitMQ for PCF takes credentials or secrets as an argument and the command fails, the command and its arguments are written to stderr and logged to disk. The operator may also have configured these logs to be forwarded to syslog.
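The failure-path logging described above, shown beside a redacting variant. This is an added example, not code from RabbitMQ for PCF; the flag names, the stand-in failing command and the sample credential values are constructed assumptions.

```python
import subprocess
import sys

# Constructed stand-in for a metrics command that fails; not the real collector.
FAILING_CMD = [sys.executable, "-c", "import sys; sys.exit(2)"]
SECRET_FLAGS = {"--password", "--token"}  # hypothetical flag names


def redact(argv, secret_flags=SECRET_FLAGS):
    """Return a copy of argv with secret values replaced, for logging only."""
    out, hide_next = [], False
    for arg in argv:
        if hide_next:                      # value following a secret flag
            out.append("[REDACTED]")
            hide_next = False
        elif arg in secret_flags:          # form: --password VALUE
            out.append(arg)
            hide_next = True
        elif "=" in arg and arg.split("=", 1)[0] in secret_flags:
            out.append(arg.split("=", 1)[0] + "=[REDACTED]")  # --token=VALUE
        else:
            out.append(arg)
    return out


def collect_unsafe(argv):
    """Pattern from the advisory: on failure the full command line is logged.
    Returns the line that would be written to stderr, or None on success."""
    proc = subprocess.run(argv, capture_output=True, text=True)
    if proc.returncode != 0:
        return f"metrics command failed ({proc.returncode}): {' '.join(argv)}"
    return None


def collect_safe(argv):
    """Same call, but the log line is built from the redacted argv."""
    proc = subprocess.run(argv, capture_output=True, text=True)
    if proc.returncode != 0:
        shown = " ".join(redact(argv))
        return f"metrics command failed ({proc.returncode}): {shown}"
    return None


if __name__ == "__main__":
    argv = FAILING_CMD + ["--user", "admin", "--password", "s3cr3t-constructed"]
    print(collect_unsafe(argv))  # secret appears in the log line
    print(collect_safe(argv))    # secret replaced with [REDACTED]
```

Redaction protects only the log line; passing the secret through an environment variable or stdin keeps it out of the argument list altogether.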
Mitigation
Affected RabbitMQ for PCF users should follow the appropriate mitigation below:
- Upgrade RabbitMQ for PCF to version 1.6.4 or later
- It is strongly recommended that affected users rotate their RabbitMQ for PCF administrator credentials. Refer to this document for instructions.