all InfoSec news
CVE-2023-33246 (rocketmq)
May 24, 2023, 3:15 p.m. |
National Vulnerability Database web.nvd.nist.gov
Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.Â
To prevent these attacks, users are recommended …
command components conditions configuration cve exploit function leaked nameserver permission risk system under update verification vulnerability
More from web.nvd.nist.gov / National Vulnerability Database
CVE-2023-45955 (lightstrip_firmware)
6 months, 2 weeks ago |
web.nvd.nist.gov
CVE-2023-21380 (android)
6 months, 2 weeks ago |
web.nvd.nist.gov
CVE-2023-21381 (android)
6 months, 2 weeks ago |
web.nvd.nist.gov
CVE-2023-21385 (android)
6 months, 2 weeks ago |
web.nvd.nist.gov
Jobs in InfoSec / Cybersecurity
Information Security Engineers
@ D. E. Shaw Research | New York City
Technology Security Analyst
@ Halton Region | Oakville, Ontario, Canada
Senior Cyber Security Analyst
@ Valley Water | San Jose, CA
Security Engineer II - Java Fullstack, AWS
@ JPMorgan Chase & Co. | Hyderabad, Telangana, India
Consultant Cybersécurité Industrielle (F-H-X)
@ Bureau Veritas Group | COURBEVOIE, Ile-de-France, FR
Security Engineer II
@ Syniverse | Costa Rica