vulnerability

Ubuntu: USN-7143-1 (CVE-2021-32719): RabbitMQ Server vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:S/C:N/I:P/A:N)	Jun 28, 2021	Dec 10, 2024	Mar 27, 2026

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

Jun 28, 2021

Added

Dec 10, 2024

Modified

Mar 27, 2026

Description

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.

Solution

ubuntu-upgrade-rabbitmq-server

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report