CVE-2016-0929

Published: Sep 18, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated by a syslog message that contains credentials from a command line.

Affected (4)

Products: Pivotal Software: Rabbitmq

Pivotal Software

1 product

Rabbitmq

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Pivotal Software Rabbitmq	Version 1.6.0
Pivotal Software Rabbitmq	Version 1.6.1
Pivotal Software Rabbitmq	Version 1.6.2
Pivotal Software Rabbitmq	Version 1.6.3

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securityfocus.com/bid/91801

Source: security_alert@emc.com

https://pivotal.io/security/cve-2016-0929

Source: security_alert@emc.com

Vendor Advisory

http://www.securityfocus.com/bid/91801

Source: af854a3a-2127-422b-91ae-364da2661108

https://pivotal.io/security/cve-2016-0929

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.