CVE-2021-22117

HIGH

RabbitMQ 3.8.0-3.8.15 - Unauthenticated Arbitrary Plugin Installation via Insecure Plugin Directory Permissions

Title source: llm

Description

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.

References (1)

Core References
Vendor Advisory (x_refsource_misc) https://tanzu.vmware.com/security/cve-2021-22117

Scores

CVSS v3 7.8
EPSS 0.0061
EPSS Percentile 44.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-732, CWE-94
Status published
Products (1) broadcom/rabbitmq_server 3.8.0 - 3.8.16
Published May 18, 2021
Tracked Since Feb 18, 2026