==========================================================================
Ubuntu Security Notice USN-7143-1
December 09, 2024

rabbitmq-server vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

RabbitMQ Server could be made to expose sensitive information over the
network.

Software Description:
- rabbitmq-server: AMQP server written in Erlang

Details:

Christian Rellmann discovered that RabbitMQ Server did not properly
sanitize user input when adding a new user via the management UI. An
attacker could possibly use this issue to perform cross site scripting
and obtain sensitive information. (CVE-2021-32718)

Fahimhusain Raydurg discovered that RabbitMQ Server did not properly
sanitize user input when using the federation management plugin. An
attacker could possibly use this issue to perform cross site scripting
and obtain sensitive information. (CVE-2021-32719)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  rabbitmq-server                 3.8.3-0ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7143-1
  CVE-2021-32718, CVE-2021-32719

Package Information:
  https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.3-0ubuntu0.2