CVE-2021-22117

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.

Summary:

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.

Reference Links(if available):

  • https://tanzu.vmware.com/security/cve-2021-22117
  • CVSS Score (if available)

    v2: / HIGH

    v3: /

    Links to Exploits(if available)