CVE-2018-1279
Last modified
CVE-2018-1279 is a vulnerability of currently unknown severity. Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster, can use this cookie to gain full control over the entire cluster. EPSS estimates a 1.83% chance of exploitation in the next 30 days.
Description
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster, can use this cookie to gain full control over the entire cluster.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pivotal Software | RabbitMQ | All versions |
References
- https://pivotal.io/security/cve-2018-1279 (Mitigation, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
