Oval Definition:	oval:org.opensuse.security:def:201911291
Revision Date: 2022-05-22 Version: 1 Title: CVE-2019-11291 Description: Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2019-11291 SUSE CVE-2019-11291 Platform(s): SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis SUSE OpenStack Cloud 7 is installed AND rabbitmq-server is not affected Definition Synopsis Release Information SUSE OpenStack Cloud 8 is installed OR SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information rabbitmq-server is not affected OR rabbitmq-server-plugins is not affected Definition Synopsis Release Information SUSE OpenStack Cloud 9 is installed OR SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information rabbitmq-server is not affected OR rabbitmq-server-plugins is not affected
BACK