GoogleOSV:GHSA-X3CQ-8F32-5F63Apache RocketMQ may have remote code execution vulnerability when using update configuration function
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.973 High
EPSS
Percentile
99.9%
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.
Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.
To prevent these attacks, users are recommended to upgrade to version 5.1.1 or aboveΒ for using RocketMQ 5.xΒ or 4.9.6 or above for using RocketMQ 4.x .
References
packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html
www.openwall.com/lists/oss-security/2023/07/12/1
github.com/apache/rocketmq
github.com/apache/rocketmq/commit/9d411cf04a695e7a3f41036e8377b0aa544d754d
github.com/apache/rocketmq/commit/c3ada731405c5990c36bf58d50b3e61965300703
lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp
nvd.nist.gov/vuln/detail/CVE-2023-33246
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.973 High
EPSS
Percentile
99.9%