Candidate: CVE-2020-5419
PublicDate: 2020-08-31 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5419
 https://tanzu.vmware.com/security/cve-2020-5419
Description:
 RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific
 binary planting security vulnerability that allows for arbitrary code
 execution. An attacker with write privileges to the RabbitMQ installation
 directory and local access on Windows could carry out a local binary
 hijacking (planting) attack and execute arbitrary code.
Ubuntu-Description:
Notes:
 mdeslaur> windows-specific
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H [6.7 MEDIUM]


Patches_rabbitmq-server:
upstream_rabbitmq-server: needs-triage
precise/esm_rabbitmq-server: DNE
trusty_rabbitmq-server: ignored (out of standard support)
trusty/esm_rabbitmq-server: DNE
xenial_rabbitmq-server: not-affected
esm-infra/xenial_rabbitmq-server: not-affected
bionic_rabbitmq-server: not-affected
focal_rabbitmq-server: not-affected
devel_rabbitmq-server: not-affected