CVE-2016-0929 RabbitMQ for PCF vulnerability
- Affected versions: RabbitMQ for PCF versions 1.6.0 - 1.6.3
If the command used to collect metrics from RabbitMQ for PCF takes credentials or secrets as an argument and the command fails, the command and its arguments are written to stderr and logged to disk. The operator could also have configured that log to be forwarded to syslog.
Affected RabbitMQ for PCF users should follow the appropriate mitigation below:
- Upgrade RabbitMQ for PCF to version 1.6.4 or later
- It is strongly recommended that affected users rotate their RabbitMQ for PCF administrator credentials. Refer to this document for instructions.
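The logging failure described above, shown as an added example that is not code from RabbitMQ for PCF or its metrics collector: a failure message that echoes the full command line, next to one that withholds argument values, with the secret handed to the child process through its environment rather than its arguments. The function names, the `METRICS_PASSWORD` variable, the `collector --password` command line and the sample secret are all hypothetical or constructed, and Python is used only because the advisory names no implementation language.

```python
import os
import subprocess
import sys

SECRET_ENV = "METRICS_PASSWORD"  # hypothetical variable name, chosen for this example


def describe_failure_unsafe(argv, returncode):
    # The pattern behind the advisory: the whole command line, secrets included, is logged.
    return "command failed (exit %d): %s" % (returncode, " ".join(argv))


def describe_failure_safe(argv, returncode):
    # Log the executable and how many arguments were withheld, never their values.
    return "command failed (exit %d): %s [%d argument(s) withheld]" % (
        returncode, argv[0], len(argv) - 1)


def collect(argv, secret, describe=describe_failure_safe):
    """Run a metrics command with the secret in its environment instead of argv.

    Returns (stdout, None) on success or (None, log_line) on failure. The child's
    stderr is captured and dropped so it cannot carry the secret into the log.
    """
    env = dict(os.environ)
    env[SECRET_ENV] = secret
    proc = subprocess.run(argv, env=env, stdout=subprocess.PIPE,
                          stderr=subprocess.PIPE, universal_newlines=True)
    if proc.returncode != 0:
        return None, describe(argv, proc.returncode)
    return proc.stdout, None


# Constructed stand-in for a failing collector: exits 3 if it received the secret
# through the environment, 4 otherwise.
FAILING_CHILD = [sys.executable, "-c",
                 "import os, sys; sys.exit(3 if os.environ.get('%s') else 4)" % SECRET_ENV]

if __name__ == "__main__":
    secret = "constructed-sample-secret"  # constructed value, not a real credential
    leaky_argv = ["collector", "--password", secret]  # hypothetical command line
    print(describe_failure_unsafe(leaky_argv, 1))  # secret appears in the log line
    print(describe_failure_safe(leaky_argv, 1))    # secret does not appear
    print(collect(FAILING_CHILD, secret)[1])
```

Redacting the log line does not undo earlier exposure: secrets already written to disk or forwarded to syslog remain there, which is why the advisory pairs the upgrade with credential rotation.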