Unrated severityNVD Advisory· Published Dec 10, 2018· Updated Sep 17, 2024

RabbitMQ cluster compromise due to deterministically generated cookie

CVE-2018-1279

Description

Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster.

Affected products

Cloudfoundry/RabbitMQ for PCFllm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: 1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

pivotal.io/security/cve-2018-1279mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000