CVE-2021-22117
CVSS 3.1: 7.8 (HIGH)
EPSS: 0.10%
Description
RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.
How to fix CVE-2021-22117
To remediate CVE-2021-22117, upgrade the affected package to a fixed version listed below.
- Bitnami/rabbitmq: upgrade to 3.8.16 or later
Is CVE-2021-22117 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 3.8.0, < 3.8.16
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |