CVE-2016-0929 RabbitMQ for PCF vulnerability


Severity

High

Vendor

Pivotal

Versions Affected

  • RabbitMQ for PCF versions 1.6.0 - 1.6.3

Description

If the command used to collect metrics from RabbitMQ for PCF takes credentials or secrets as an argument and the command fails, the command and its arguments are written to stderr and logged to disk; an operator may also have configured that log to be forwarded to syslog.
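As an added illustration of the logging pattern described above (example code, not Pivotal's or the RabbitMQ for PCF tile's own), the following Python wrapper redacts credential arguments before a failed metrics invocation is written to stderr; the flag names in SECRET_FLAGS are assumptions.

```python
"""Failure logging for a metrics command that carries a secret in argv.

Added example, not code from Pivotal or RabbitMQ for PCF. It models the
defect class behind CVE-2016-0929: a collector runs a CLI that takes a
password as an argument, the command fails, and the collector writes the
whole command line to stderr, where it is logged to disk and possibly
forwarded to syslog. redact_argv() removes the secret values before the
line is written. The flag names in SECRET_FLAGS are assumptions.
"""
import subprocess
import sys

# Assumed flags whose following (or '=' attached) value is a secret.
SECRET_FLAGS = {"-p", "--password", "--secret", "--token"}


def redact_argv(argv):
    """Copy argv, replacing secret values; handles '-p VALUE' and '--password=VALUE'."""
    redacted = []
    skip_next = False
    for arg in argv:
        if skip_next:                       # value following a secret flag
            redacted.append("[REDACTED]")
            skip_next = False
        elif arg in SECRET_FLAGS:           # '-p VALUE': keep flag, hide next arg
            redacted.append(arg)
            skip_next = True
        elif arg.partition("=")[0] in SECRET_FLAGS:   # '--password=VALUE'
            redacted.append(arg.partition("=")[0] + "=[REDACTED]")
        else:
            redacted.append(arg)
    return redacted


def run_metrics_command(argv, log=sys.stderr):
    """Run argv and, on a non-zero exit, log the redacted command line.

    The vulnerable pattern wrote ' '.join(argv) here unchanged, which is how
    the credential reached the on-disk log. Returns (exit_status, logged_line);
    logged_line is None when the command succeeded.
    """
    proc = subprocess.run(argv, capture_output=True, text=True)
    if proc.returncode == 0:
        return proc.returncode, None
    line = "metrics command failed (exit %d): %s" % (
        proc.returncode, " ".join(redact_argv(argv)))
    log.write(line + "\n")
    return proc.returncode, line
```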

Mitigation

Affected RabbitMQ for PCF users should follow the appropriate mitigation below:

  • Upgrade RabbitMQ for PCF to version 1.6.4 or later
  • It is strongly recommended that affected users rotate their RabbitMQ for PCF administrator credentials. Refer to this document for instructions.