[Git][security-tracker-team/security-tracker][master] mark CVE-2019-11281 of rabbitmq-server as no-dsa for Jessie

Tue Oct 22 14:15:30 BST 2019


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f86d7994 by Thorsten Alteholz at 2019-10-22T13:15:41Z
mark CVE-2019-11281 of rabbitmq-server as no-dsa for Jessie

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21240,7 +21240,12 @@ CVE-2019-11282
 	RESERVED
 CVE-2019-11281 (Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, ver ...)
 	- rabbitmq-server 3.7.18-1 (low)
+	[jessie] - rabbtimq-server <no-dsa> (Minor issue; one plugin not vulnerable, the other only exploitable by malicious admin)
 	NOTE: https://pivotal.io/security/cve-2019-11281
+	NOTE: fix for vhost limit feature: https://github.com/rabbitmq/rabbitmq-management/commit/42def1b51243397c1cb9192d6d064351e358bacc
+	NOTE: which was only introduced in 3.7.0-beta.19
+	NOTE: federation management plugin: exploitable only by a remote authenticated malicious user
+	NOTE:  with administrative access
 CVE-2019-11280 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
 	NOT-FOR-US: Pivotal
 CVE-2019-11279 (CF UAA versions prior to 74.1.0 can request scopes for a client that s ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f86d799461520e567bfa4a25229701d828e3b674

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f86d799461520e567bfa4a25229701d828e3b674
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191022/0dae3e23/attachment.html>
