What the vulnerability does

01Description

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.

Key dates

02Disclosure timeline

May 18, 2021 CVE published
August 3, 2024 Record updated