all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023-33246 (rocketmq)

Add to bookmarks
May 24, 2023, 3:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. 

Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. 

To prevent these attacks, users are recommended …

command components conditions configuration cve exploit function leaked nameserver permission risk system under update verification vulnerability

Visit resource

More from web.nvd.nist.gov / National Vulnerability Database

CVE-2023-45955 (lightstrip_firmware) 6 months, 2 weeks ago | web.nvd.nist.gov
attackers cve denial of service issue +1
CVE-2023-40101 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android check collapse cve +7
CVE-2023-21377 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android bypass cve disclosure +8
CVE-2023-21380 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android bluetooth buffer buffer overflow +9
CVE-2023-21382 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
access android check cve +11
CVE-2023-21381 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android arbitrary code code code execution +10
CVE-2023-21385 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android corruption cve disclosure +7
CVE-2023-21387 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android backup bypass cve +11
CVE-2023-21389 (android) 6 months, 2 weeks ago | web.nvd.nist.gov
android bypass check cve +10

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Security Engineer II - Java Fullstack, AWS

@ JPMorgan Chase & Co. | Hyderabad, Telangana, India
View on infosec-jobs.com

Consultant Cybersécurité Industrielle (F-H-X)

@ Bureau Veritas Group | COURBEVOIE, Ile-de-France, FR
View on infosec-jobs.com

Security Engineer II

@ Syniverse | Costa Rica
View on infosec-jobs.com