
Security: Cross-Site Scripting in RabbitMQ
Name: Cross-Site Scripting in RabbitMQ
ID: USN-7399-1
Distribution: Ubuntu
Platforms: Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10
Date: Mon, 31 March 2025, 23:22
References: https://launchpad.net/ubuntu/+source/rabbitmq-server/3.9.27-0ubuntu0.2
https://www.cve.org/CVERecord?id=CVE-2025-30219
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.12.1-1ubuntu1.2
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.12.1-1ubuntu2.1
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.3-0ubuntu0.3
Applications: RabbitMQ

Original message

From: Fabian Toepfer <fabian.toepfer@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <3fafa79a-81f0-4a08-885e-3c639e452069@canonical.com>
Subject: [USN-7399-1] RabbitMQ Server vulnerability

==========================================================================
Ubuntu Security Notice USN-7399-1
March 31, 2025

rabbitmq-server vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

RabbitMQ Server's management UI could be made to run code via
cross-site scripting (XSS).

Software Description:
- rabbitmq-server: AMQP server written in Erlang

Details:

It was discovered that RabbitMQ Server's management UI did not sanitize
certain input. An attacker could possibly use this issue to inject code
by performing a cross-site scripting (XSS) attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  rabbitmq-server                 3.12.1-1ubuntu2.1

Ubuntu 24.04 LTS
  rabbitmq-server                 3.12.1-1ubuntu1.2

Ubuntu 22.04 LTS
  rabbitmq-server                 3.9.27-0ubuntu0.2

Ubuntu 20.04 LTS
  rabbitmq-server                 3.8.3-0ubuntu0.3

After a standard system update you need to restart RabbitMQ Server to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7399-1
  CVE-2025-30219

Package Information:
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.12.1-1ubuntu2.1
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.12.1-1ubuntu1.2
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.9.27-0ubuntu0.2
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.3-0ubuntu0.3
