CVE-2020-5419

MEDIUM

RabbitMQ <3.8.7 - RCE

Title source: llm

Description

RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.

References (1)

[Vendor Advisory] https://tanzu.vmware.com/security/cve-2020-5419

Scores

CVSS v3 6.7

EPSS 0.0007

EPSS Percentile 21.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (2)

broadcom/rabbitmq_server < 3.8.7

pivotal_software/rabbitmq < 3.7.28

Timeline

Published Aug 31, 2020

Tracked Since Feb 18, 2026