CVE-2023-33246
Vulnerability from cvelistv5
Published
2023-05-24 14:45
Modified
2024-08-19 07:48
Severity ?
EPSS score ?
Summary
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.
Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.
To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
| security@apache.org | http://www.openwall.com/lists/oss-security/2023/07/12/1 | Mailing List, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/07/12/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.vicarius.io/vsociety/posts/rocketmq-rce-cve-2023-33246-33247 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache RocketMQ |
Version: 0 |
|
|
|||
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog
Date added: 2023-09-06
Due date: 2023-09-27
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Used in ransomware: Unknown
Notes: https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp; https://nvd.nist.gov/vuln/detail/CVE-2023-33246
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-19T07:48:09.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/1"
},
{
"url": "https://www.vicarius.io/vsociety/posts/rocketmq-rce-cve-2023-33246-33247"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache RocketMQ",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "5.1.0",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "lvyyevd@gmail.com"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u0026nbsp;\u003c/p\u003e\u003cp\u003eSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u0026nbsp;\u003c/p\u003e\u003cp\u003eTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u0026nbsp;for using RocketMQ 5.x\u0026nbsp;or 4.9.6 or above for using RocketMQ 4.x .\u003c/p\u003e\n\n\n\n\n\n\n\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u00a0\n\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u00a0\n\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u00a0for using RocketMQ 5.x\u00a0or 4.9.6 or above for using RocketMQ 4.x .\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-24T14:45:25.684Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp"
},
{
"url": "http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-33246",
"datePublished": "2023-05-24T14:45:25.684Z",
"dateReserved": "2023-05-21T08:12:11.944Z",
"dateUpdated": "2024-08-19T07:48:09.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2023-33246",
"cwes": "[\"CWE-94\"]",
"dateAdded": "2023-09-06",
"dueDate": "2023-09-27",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp; https://nvd.nist.gov/vuln/detail/CVE-2023-33246",
"product": "RocketMQ",
"requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as or achieve the same effect by forging the RocketMQ protocol content.",
"vendorProject": "Apache",
"vulnerabilityName": "Apache RocketMQ Command Execution Vulnerability"
},
"fkie_nvd": {
"cisaActionDue": "2023-09-27",
"cisaExploitAdd": "2023-09-06",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Apache RocketMQ Command Execution Vulnerability",
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.9.7\", \"matchCriteriaId\": \"4DBCE249-91D7-442A-BD1B-4C20F848EB35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0.0\", \"versionEndExcluding\": \"5.1.2\", \"matchCriteriaId\": \"68AFCD16-B82F-411E-B3E6-236CA76A1FEE\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\\u00a0\\n\\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\\u00a0\\n\\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\\u00a0for using RocketMQ 5.x\\u00a0or 4.9.6 or above for using RocketMQ 4.x .\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\"}]",
"id": "CVE-2023-33246",
"lastModified": "2024-11-21T08:05:15.150",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2023-05-24T15:15:09.553",
"references": "[{\"url\": \"http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html\", \"source\": \"security@apache.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/12/1\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/12/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://www.vicarius.io/vsociety/posts/rocketmq-rce-cve-2023-33246-33247\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Undergoing Analysis",
"weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-33246\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-05-24T15:15:09.553\",\"lastModified\":\"2024-11-21T08:05:15.150\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u00a0\\n\\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u00a0\\n\\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u00a0for using RocketMQ 5.x\u00a0or 4.9.6 or above for using RocketMQ 4.x .\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2023-09-06\",\"cisaActionDue\":\"2023-09-27\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Apache RocketMQ Command Execution Vulnerability\",\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.9.7\",\"matchCriteriaId\":\"4DBCE249-91D7-442A-BD1B-4C20F848EB35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.1.2\",\"matchCriteriaId\":\"68AFCD16-B82F-411E-B3E6-236CA76A1FEE\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/12/1\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/12/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/rocketmq-rce-cve-2023-33246-33247\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.