High severity7.5OSV Advisory· Published Sep 18, 2016· Updated Jun 17, 2026
CVE-2016-0929
CVE-2016-0929
Description
The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated by a syslog message that contains credentials from a command line.
Affected products
7- Range: rabbitmq_v1_4_0, rabbitmq_v1_5_0, rabbitmq_v1_6_0
cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.3:*:*:*:*:*:*:*
- Range: <1.6.4
Patches
Vulnerability mechanics
References
2- pivotal.io/security/cve-2016-0929nvdVendor Advisory
- www.securityfocus.com/bid/91801nvd
News mentions
0No linked articles in our index yet.