Pivotal + VMware: Transforming how more of the world builds software

All Vulnerability Reports

CVE-2016-0929 RabbitMQ for PCF vulnerability





Versions Affected
  • RabbitMQ for PCF versions 1.6.0 - 1.6.3

If the command used to collect metrics from RabbitMQ for PCF takes credentials or secrets as an argument and the command fails, the command and arguments are written to stderr and logged to disk, which could be configured by the operator to be forwarded to syslog.


Affected RabbitMQ for PCF users should follow the appropriate mitigation below:

  • Upgrade RabbitMQ for PCF to version 1.6.4 or later
  • It is strongly recommended that affected users rotate their RabbitMQ for PCF administrator credentials. Refer to this document for instructions.
Contact us