CVE-2018-1279 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-1279 Interim 1 19 2023-06-26T00:08:27Z current 2021-05-30T14:07:01Z 2023-06-26T00:08:27Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-1279 Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE Enterprise Storage 4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 rabbitmq-server rabbitmq-server-plugins rabbitmq-server as a component of HPE Helion OpenStack 8 rabbitmq-server-plugins as a component of HPE Helion OpenStack 8 rabbitmq-server as a component of SUSE Enterprise Storage 4 rabbitmq-server as a component of SUSE OpenStack Cloud 7 rabbitmq-server-plugins as a component of SUSE OpenStack Cloud 7 rabbitmq-server as a component of SUSE OpenStack Cloud 8 rabbitmq-server-plugins as a component of SUSE OpenStack Cloud 8 rabbitmq-server as a component of SUSE OpenStack Cloud Crowbar 8 rabbitmq-server-plugins as a component of SUSE OpenStack Cloud Crowbar 8 Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster. CVE-2018-1279 HPE Helion OpenStack 8:rabbitmq-server HPE Helion OpenStack 8:rabbitmq-server-plugins SUSE Enterprise Storage 4:rabbitmq-server SUSE OpenStack Cloud 7:rabbitmq-server SUSE OpenStack Cloud 7:rabbitmq-server-plugins SUSE OpenStack Cloud 8:rabbitmq-server SUSE OpenStack Cloud 8:rabbitmq-server-plugins SUSE OpenStack Cloud Crowbar 8:rabbitmq-server SUSE OpenStack Cloud Crowbar 8:rabbitmq-server-plugins moderate 3.3 AV:A/AC:L/Au:N/C:P/I:N/A:N 6.5 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N