CVE-2021-32719 Overview
CVE-2021-32719 is a stored Cross-Site Scripting (XSS) vulnerability in RabbitMQ, a widely used multi-protocol messaging broker. The vulnerability exists in rabbitmq-server versions prior to 3.8.18, specifically within the rabbitmq_federation_management plugin. When a federation link is displayed in the RabbitMQ management UI, its consumer tag is rendered without proper sanitization of <script> tags, so JavaScript embedded in the tag value is interpreted by the browser rather than displayed as text, potentially allowing code execution in the context of the authenticated user's browser session.
Critical Impact
Authenticated attackers with federation management privileges can inject malicious JavaScript that executes in the browser context of other administrators viewing federation links, potentially leading to session hijacking, credential theft, or unauthorized administrative actions.
Affected Products
- VMware RabbitMQ versions prior to 3.8.18
- RabbitMQ deployments using the rabbitmq_federation_management plugin
- RabbitMQ Management UI with federation features enabled
Discovery Timeline
- 2021-06-28 - CVE-2021-32719 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2021-32719
Vulnerability Analysis
This vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page). The flaw resides in the RabbitMQ management UI's handling of federation link consumer tags when rendered through the rabbitmq_federation_management plugin.
The attack requires authenticated access to the RabbitMQ management interface with elevated permissions, specifically the ability to manage federation upstreams and policies. While this restricts the attack surface to privileged users, it creates a significant risk in multi-administrator environments where a compromised or malicious administrator could target other privileged users.
The vulnerability enables code execution within the browser context, which could lead to session token theft, unauthorized configuration changes, or further lateral movement within the messaging infrastructure.
Root Cause
The root cause is insufficient input sanitization in the management UI rendering logic. When federation links are displayed, the consumer tag field is directly rendered in the HTML output without proper encoding or sanitization of HTML special characters. This allows <script> tags embedded in consumer tag values to be interpreted and executed by the browser rather than being displayed as plain text.
Attack Vector
The attack vector is network-based and requires user interaction. An attacker with valid credentials and federation management permissions must first inject malicious JavaScript into a consumer tag value. When another administrator navigates to the federation management page in the RabbitMQ UI, the unsanitized script executes in their browser session.
The exploitation flow involves:
- Attacker authenticates to RabbitMQ management interface with federation management privileges
- Attacker creates or modifies a federation link with a malicious consumer tag containing JavaScript
- Victim administrator views the federation links page
- Malicious JavaScript executes in the victim's authenticated session
Detection Methods for CVE-2021-32719
Indicators of Compromise
- Unusual or suspicious consumer tag values in federation link configurations containing <script> tags or JavaScript event handlers
- Unexpected federation upstream or policy changes in RabbitMQ audit logs
- Browser-based alerts or unusual behavior when accessing the RabbitMQ management UI
- Federation link names or consumer tags containing encoded HTML entities or obfuscated JavaScript
Detection Strategies
- Monitor RabbitMQ audit logs for federation configuration changes by unexpected users or at unusual times
- Implement Content Security Policy (CSP) headers to detect and block inline script execution attempts
- Review federation link configurations periodically for suspicious or malformed consumer tag values
- Deploy web application firewall (WAF) rules to detect XSS payloads in RabbitMQ management traffic
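The following is an added example, not code from the RabbitMQ project or from this advisory. It covers both the root cause above (the fixed UI neutralizes HTML-special characters in consumer tags, so any tag that HTML escaping would rewrite is one the vulnerable UI rendered raw) and the detection strategies just listed: it scans a JSON array of federation-link records, such as the output of the management API's federation-links endpoint, and flags consumer tags that contain markup, inline event handlers, or entity/URL-encoded markup. The sample records and the field names consumer_tag, upstream and vhost are constructed assumptions for this example.

```python
import html
import json
import re

# Heuristics for values that a legitimate consumer tag should never contain.
# Constructed for this example; tune the list to your environment.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*(script|img|svg|iframe|object|embed)\b"  # script-bearing tags
    r"|\bon[a-z]+\s*="                                 # inline event handlers
    r"|javascript\s*:"                                  # javascript: URLs
    r"|&(lt|gt|#x?[0-9a-f]+);"                          # entity-encoded markup
    r"|%3c|%3e",                                        # URL-encoded < and >
    re.IGNORECASE,
)


def classify_tag(tag: str) -> list:
    """Return the reasons a consumer tag looks suspicious (empty list if clean)."""
    reasons = []
    # The patched UI escapes these characters before rendering; a tag that
    # escaping would change is exactly what the vulnerable UI rendered raw.
    if html.escape(tag, quote=True) != tag:
        reasons.append("contains HTML-special characters")
    if SUSPICIOUS.search(tag):
        reasons.append("matches script/handler/encoded-markup pattern")
    return reasons


def scan_federation_links(links_json: str) -> list:
    """Scan a JSON array of federation-link records and return one finding per bad tag."""
    findings = []
    for link in json.loads(links_json):
        tag = str(link.get("consumer_tag", ""))  # field name assumed
        reasons = classify_tag(tag)
        if reasons:
            findings.append({"vhost": link.get("vhost"), "upstream": link.get("upstream"),
                             "consumer_tag": tag, "reasons": reasons})
    return findings


# Constructed sample resembling federation-links API output (not real data).
SAMPLE_LINKS = json.dumps([
    {"vhost": "/", "upstream": "east", "consumer_tag": "federation-link-east", "status": "running"},
    {"vhost": "/", "upstream": "west", "consumer_tag": "<script>/* constructed */</script>"},
    {"vhost": "/", "upstream": "north", "consumer_tag": "tag onload=x"},
    {"vhost": "/", "upstream": "south", "consumer_tag": "&lt;script&gt;x&lt;/script&gt;"},
    {"vhost": "/", "upstream": "central", "consumer_tag": "federation-link-12ab"},
])

if __name__ == "__main__":
    for finding in scan_federation_links(SAMPLE_LINKS):
        print(json.dumps(finding))
```

The two checks are complementary: the event-handler sample contains no HTML-special character and is caught only by the pattern, while the entity-encoded sample is caught by both.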
Monitoring Recommendations
- Enable verbose logging for the RabbitMQ management plugin and federation management operations
- Configure alerting for any federation upstream or policy modifications
- Monitor browser console logs for JavaScript errors or CSP violations when accessing the management UI
- Implement network monitoring to detect unusual patterns in management UI traffic
How to Mitigate CVE-2021-32719
Immediate Actions Required
- Upgrade RabbitMQ to version 3.8.18 or later immediately
- Review all existing federation link configurations for suspicious consumer tag values
- Audit user accounts with federation management permissions and remove unnecessary access
- Consider temporarily disabling the rabbitmq_federation_management plugin until patching is complete
Patch Information
The vulnerability is patched in RabbitMQ version 3.8.18. VMware has addressed the issue by implementing proper HTML sanitization for consumer tag values in the management UI. For detailed patch information, refer to the GitHub Pull Request #3122 and the GitHub Security Advisory GHSA-5452-hxj4-773x.
Workarounds
- Disable the rabbitmq_federation_management plugin and use CLI tools for federation management instead
- Restrict access to the RabbitMQ management UI to trusted networks only
- Implement strict access controls limiting federation management permissions to essential personnel
- Deploy a reverse proxy with XSS filtering capabilities in front of the management UI
# Disable the federation management plugin as a workaround
rabbitmq-plugins disable rabbitmq_federation_management
# Verify the plugin is disabled
rabbitmq-plugins list | grep federation
# Use CLI for federation management instead
rabbitmqctl list_parameters --formatter=json
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.