Vulnerability-Lookup

CVE-2023-33246 (GCVE-0-2023-33246)

Vulnerability from cvelistv5 – Published: 2023-05-24 14:45 – Updated: 2025-10-21 23:05

CISA KEV

Title

Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function

Summary

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .

Severity ?

No CVSS data available.

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

apache

References

URL

	Vendor	Product	Version
	Apache Software Foundation	Apache RocketMQ	Affected: 0 , ≤ 5.1.0 (maven)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 31ef4cd6-0aac-4a34-9e6d-b07df6ae239f

Vulnerability ID: CVE-2023-33246

Status: Confirmed

Status Updated: 2023-09-06 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2023-09-06

Asserted: 2023-09-06

Scope

Notes: KEV entry: Apache RocketMQ Command Execution Vulnerability | Affected: Apache / RocketMQ | Description: Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as or achieve the same effect by forging the RocketMQ protocol content. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-09-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp; https://nvd.nist.gov/vuln/detail/CVE-2023-33246

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-94
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	RocketMQ
Due Date	2023-09-27
Date Added	2023-09-06
Vendorproject	Apache
Vulnerabilityname	Apache RocketMQ Command Execution Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2023-33246

Created: 2026-02-02 12:26 UTC | Updated: 2026-02-06 07:17 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-19T07:48:09.006Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/12/1"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/rocketmq-rce-cve-2023-33246-33247"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-33246",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T20:30:17.989709Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-09-06",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33246"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:47.340Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/jakabakos/CVE-2023-33246_Apache_RocketMQ_RCE"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33246"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-09-06T00:00:00.000Z",
            "value": "CVE-2023-33246 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache RocketMQ",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "5.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "lvyyevd@gmail.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eFor RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u0026nbsp;\u003c/p\u003e\u003cp\u003eSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u0026nbsp;\u003c/p\u003e\u003cp\u003eTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u0026nbsp;for using RocketMQ 5.x\u0026nbsp;or 4.9.6 or above for using RocketMQ 4.x .\u003c/p\u003e\n\n\n\n\n\n\n\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u00a0\n\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u00a0\n\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u00a0for using RocketMQ 5.x\u00a0or 4.9.6 or above for using RocketMQ 4.x ."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-12T11:06:20.076Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp"
        },
        {
          "url": "http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/12/1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-33246",
    "datePublished": "2023-05-24T14:45:25.684Z",
    "dateReserved": "2023-05-21T08:12:11.944Z",
    "dateUpdated": "2025-10-21T23:05:47.340Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-33246",
      "cwes": "[\"CWE-94\"]",
      "dateAdded": "2023-09-06",
      "dueDate": "2023-09-27",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp;  https://nvd.nist.gov/vuln/detail/CVE-2023-33246",
      "product": "RocketMQ",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as or achieve the same effect by forging the RocketMQ protocol content.",
      "vendorProject": "Apache",
      "vulnerabilityName": "Apache RocketMQ Command Execution Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2023-09-27",
      "cisaExploitAdd": "2023-09-06",
      "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "cisaVulnerabilityName": "Apache RocketMQ Command Execution Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.9.7\", \"matchCriteriaId\": \"4DBCE249-91D7-442A-BD1B-4C20F848EB35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0.0\", \"versionEndExcluding\": \"5.1.2\", \"matchCriteriaId\": \"68AFCD16-B82F-411E-B3E6-236CA76A1FEE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\\u00a0\\n\\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\\u00a0\\n\\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\\u00a0for using RocketMQ 5.x\\u00a0or 4.9.6 or above for using RocketMQ 4.x .\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\"}]",
      "id": "CVE-2023-33246",
      "lastModified": "2024-11-21T08:05:15.150",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2023-05-24T15:15:09.553",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html\", \"source\": \"security@apache.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/12/1\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/12/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://www.vicarius.io/vsociety/posts/rocketmq-rce-cve-2023-33246-33247\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Undergoing Analysis",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-33246\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-05-24T15:15:09.553\",\"lastModified\":\"2025-10-23T14:49:36.323\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u00a0\\n\\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u00a0\\n\\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u00a0for using RocketMQ 5.x\u00a0or 4.9.6 or above for using RocketMQ 4.x .\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2023-09-06\",\"cisaActionDue\":\"2023-09-27\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Apache RocketMQ Command Execution Vulnerability\",\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.9.6\",\"matchCriteriaId\":\"77D6638C-EB7C-486D-8AA9-4BA699EA5273\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.1.1\",\"matchCriteriaId\":\"12739B28-F22E-4B7A-9573-AF2B23438397\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/12/1\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/12/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/rocketmq-rce-cve-2023-33246-33247\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\"]},{\"url\":\"https://github.com/jakabakos/CVE-2023-33246_Apache_RocketMQ_RCE\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33246\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/12/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.vicarius.io/vsociety/posts/rocketmq-rce-cve-2023-33246-33247\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-19T07:48:09.006Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-33246\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-29T20:30:17.989709Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-09-06\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33246\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-09-06T00:00:00+00:00\", \"value\": \"CVE-2023-33246 added to CISA KEV\"}], \"references\": [{\"url\": \"https://github.com/Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT\", \"tags\": [\"exploit\"]}, {\"url\": \"https://github.com/jakabakos/CVE-2023-33246_Apache_RocketMQ_RCE\", \"tags\": [\"exploit\"]}, {\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33246\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-16T18:56:39.047Z\"}}], \"cna\": {\"title\": \"Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"lvyyevd@gmail.com\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"moderate\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache RocketMQ\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"maven\", \"lessThanOrEqual\": \"5.1.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/12/1\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\\u00a0\\n\\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\\u00a0\\n\\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\\u00a0for using RocketMQ 5.x\\u00a0or 4.9.6 or above for using RocketMQ 4.x .\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eFor RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u0026nbsp;\u003c/p\u003e\u003cp\u003eSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u0026nbsp;\u003c/p\u003e\u003cp\u003eTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u0026nbsp;for using RocketMQ 5.x\u0026nbsp;or 4.9.6 or above for using RocketMQ 4.x .\u003c/p\u003e\\n\\n\\n\\n\\n\\n\\n\u003cp\u003e\u003c/p\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2023-07-12T11:06:20.076Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-33246\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:05:47.340Z\", \"dateReserved\": \"2023-05-21T08:12:11.944Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2023-05-24T14:45:25.684Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2023-42971

Vulnerability from cnvd - Published: 2023-06-01

Title

Apache RocketMQ命令执行漏洞

Description

Apache RocketMQ是美国阿帕奇（Apache）基金会的一款轻量级的数据处理平台和消息传递引擎。 Apache RocketMQ 5.1.0及之前版本存在命令执行漏洞，该漏洞源于应用未能正确过滤构造代码段的特殊元素。攻击者可利用该漏洞更新配置功能以系统用户身份执行命令。

Severity

高

Patch Name

Apache RocketMQ命令执行漏洞的补丁

Patch Description

Apache RocketMQ是美国阿帕奇（Apache）基金会的一款轻量级的数据处理平台和消息传递引擎。 Apache RocketMQ 5.1.0及之前版本存在命令执行漏洞，该漏洞源于应用未能正确过滤构造代码段的特殊元素。攻击者可利用该漏洞更新配置功能以系统用户身份执行命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-33246

Impacted products

Name
Apache RocketMQ <=5.1.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-33246",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-33246"
    }
  },
  "description": "Apache RocketMQ\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u8f7b\u91cf\u7ea7\u7684\u6570\u636e\u5904\u7406\u5e73\u53f0\u548c\u6d88\u606f\u4f20\u9012\u5f15\u64ce\u3002\n\nApache RocketMQ 5.1.0\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u6784\u9020\u4ee3\u7801\u6bb5\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u65b0\u914d\u7f6e\u529f\u80fd\u4ee5\u7cfb\u7edf\u7528\u6237\u8eab\u4efd\u6267\u884c\u547d\u4ee4\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-42971",
  "openTime": "2023-06-01",
  "patchDescription": "Apache RocketMQ\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u8f7b\u91cf\u7ea7\u7684\u6570\u636e\u5904\u7406\u5e73\u53f0\u548c\u6d88\u606f\u4f20\u9012\u5f15\u64ce\u3002\r\n\r\nApache RocketMQ 5.1.0\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u6784\u9020\u4ee3\u7801\u6bb5\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u65b0\u914d\u7f6e\u529f\u80fd\u4ee5\u7cfb\u7edf\u7528\u6237\u8eab\u4efd\u6267\u884c\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache RocketMQ\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache RocketMQ \u003c=5.1.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-33246",
  "serverity": "\u9ad8",
  "submitTime": "2023-05-28",
  "title": "Apache RocketMQ\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2023-33246

Vulnerability from fkie_nvd - Published: 2023-05-24 15:15 - Updated: 2025-10-23 14:49

CISA KEV

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@apache.org	http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html	Exploit, Third Party Advisory, VDB Entry
security@apache.org	http://www.openwall.com/lists/oss-security/2023/07/12/1	Mailing List, Third Party Advisory
security@apache.org	https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/07/12/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.vicarius.io/vsociety/posts/rocketmq-rce-cve-2023-33246-33247	Exploit, Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT	Exploit
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/jakabakos/CVE-2023-33246_Apache_RocketMQ_RCE	Exploit
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33246	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	apache	rocketmq	*
	apache	rocketmq	*

JSON

To clipboard

{
  "cisaActionDue": "2023-09-27",
  "cisaExploitAdd": "2023-09-06",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Apache RocketMQ Command Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77D6638C-EB7C-486D-8AA9-4BA699EA5273",
              "versionEndExcluding": "4.9.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12739B28-F22E-4B7A-9573-AF2B23438397",
              "versionEndExcluding": "5.1.1",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u00a0\n\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u00a0\n\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u00a0for using RocketMQ 5.x\u00a0or 4.9.6 or above for using RocketMQ 4.x ."
    }
  ],
  "id": "CVE-2023-33246",
  "lastModified": "2025-10-23T14:49:36.323",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-05-24T15:15:09.553",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/07/12/1"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/07/12/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.vicarius.io/vsociety/posts/rocketmq-rce-cve-2023-33246-33247"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/jakabakos/CVE-2023-33246_Apache_RocketMQ_RCE"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33246"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}

GHSA-X3CQ-8F32-5F63

Vulnerability from github – Published: 2023-07-06 21:15 – Updated: 2025-10-22 19:21

Summary

Apache RocketMQ may have remote code execution vulnerability when using update configuration function

Details

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.

Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.

To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.rocketmq:rocketmq-broker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.rocketmq:rocketmq-namesrv"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.9.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.rocketmq:rocketmq-controller"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.rocketmq:rocketmq-namesrv"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-33246"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-06T23:48:22Z",
    "nvd_published_at": "2023-05-24T15:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u00a0\n\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u00a0\n\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u00a0for using RocketMQ 5.x\u00a0or 4.9.6 or above for using RocketMQ 4.x .",
  "id": "GHSA-x3cq-8f32-5f63",
  "modified": "2025-10-22T19:21:22Z",
  "published": "2023-07-06T21:15:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33246"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/rocketmq/commit/9d411cf04a695e7a3f41036e8377b0aa544d754d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/rocketmq/commit/c3ada731405c5990c36bf58d50b3e61965300703"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/rocketmq"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jakabakos/CVE-2023-33246_Apache_RocketMQ_RCE"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33246"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/rocketmq-rce-cve-2023-33246-33247"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/07/12/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache RocketMQ may have remote code execution vulnerability when using update configuration function"
}

GSD-2023-33246

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-33246

Aliases

CVE-2023-33246

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-33246",
    "id": "GSD-2023-33246"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-33246"
      ],
      "details": "For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u00a0\n\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u00a0\n\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u00a0for using RocketMQ 5.x\u00a0or 4.9.6 or above for using RocketMQ 4.x .\n\n\n\n\n\n\n\n\n\n\n\n",
      "id": "GSD-2023-33246",
      "modified": "2023-12-13T01:20:36.934001Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2023-33246",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache RocketMQ",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "5.1.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "lvyyevd@gmail.com"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u00a0\n\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u00a0\n\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u00a0for using RocketMQ 5.x\u00a0or 4.9.6 or above for using RocketMQ 4.x .\n\n\n\n\n\n\n\n\n\n\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-94",
                "lang": "eng",
                "value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp"
          },
          {
            "name": "http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2023/07/12/1",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2023/07/12/1"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,5.1.1)",
          "affected_versions": "All versions before 5.1.1",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2023-07-12",
          "description": "For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u00a0\n\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u00a0\n\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u00a0for using RocketMQ 5.x\u00a0or 4.9.6 or above for using RocketMQ 4.x .\n\n\n\n\n\n\n\n\n\n\n\n",
          "fixed_versions": [
            "5.1.1"
          ],
          "identifier": "CVE-2023-33246",
          "identifiers": [
            "CVE-2023-33246"
          ],
          "not_impacted": "All versions starting from 5.1.1",
          "package_slug": "maven/org.apache.rocketmq/rocketmq-broker",
          "pubdate": "2023-05-24",
          "solution": "Upgrade to version 5.1.1 or above.",
          "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-33246",
            "https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp"
          ],
          "uuid": "7c1f8bbb-a4f5-49de-b083-bb17eb8254ba"
        },
        {
          "affected_range": "(,5.1.1)",
          "affected_versions": "All versions before 5.1.1",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2023-07-12",
          "description": "For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u00a0\n\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u00a0\n\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u00a0for using RocketMQ 5.x\u00a0or 4.9.6 or above for using RocketMQ 4.x .\n\n\n\n\n\n\n\n\n\n\n\n",
          "fixed_versions": [
            "5.1.1"
          ],
          "identifier": "CVE-2023-33246",
          "identifiers": [
            "CVE-2023-33246"
          ],
          "not_impacted": "All versions starting from 5.1.1",
          "package_slug": "maven/org.apache.rocketmq/rocketmq-client",
          "pubdate": "2023-05-24",
          "solution": "Upgrade to version 5.1.1 or above.",
          "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-33246",
            "https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp"
          ],
          "uuid": "549311fb-56ee-41bb-83b7-99fcf88a7b6b"
        },
        {
          "affected_range": "[5.0.0,5.1.1)",
          "affected_versions": "All versions starting from 5.0.0 before 5.1.1",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2023-07-12",
          "description": "For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u00a0\n\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u00a0\n\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u00a0for using RocketMQ 5.x\u00a0or 4.9.6 or above for using RocketMQ 4.x .\n\n\n\n\n\n\n\n\n\n\n\n",
          "fixed_versions": [
            "5.1.1"
          ],
          "identifier": "CVE-2023-33246",
          "identifiers": [
            "GHSA-x3cq-8f32-5f63",
            "CVE-2023-33246"
          ],
          "not_impacted": "All versions before 5.0.0, all versions starting from 5.1.1",
          "package_slug": "maven/org.apache.rocketmq/rocketmq-controller",
          "pubdate": "2023-07-06",
          "solution": "Upgrade to version 5.1.1 or above.",
          "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-33246",
            "https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp",
            "https://github.com/apache/rocketmq/commit/9d411cf04a695e7a3f41036e8377b0aa544d754d",
            "https://github.com/apache/rocketmq/commit/c3ada731405c5990c36bf58d50b3e61965300703",
            "http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html",
            "http://www.openwall.com/lists/oss-security/2023/07/12/1",
            "https://github.com/advisories/GHSA-x3cq-8f32-5f63"
          ],
          "uuid": "560441f6-1792-4013-a005-8ccdc5c269d8"
        },
        {
          "affected_range": "[4.0.0,4.9.6),[5.0.0,5.1.1)",
          "affected_versions": "All versions starting from 4.0.0 before 4.9.6, all versions starting from 5.0.0 before 5.1.1",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-937",
            "CWE-94"
          ],
          "date": "2023-07-12",
          "description": "For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u00a0\n\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u00a0\n\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u00a0for using RocketMQ 5.x\u00a0or 4.9.6 or above for using RocketMQ 4.x .\n\n\n\n\n\n\n\n\n\n\n\n",
          "fixed_versions": [
            "4.9.6",
            "5.1.1"
          ],
          "identifier": "CVE-2023-33246",
          "identifiers": [
            "GHSA-x3cq-8f32-5f63",
            "CVE-2023-33246"
          ],
          "not_impacted": "All versions before 4.0.0, all versions starting from 4.9.6 before 5.0.0, all versions starting from 5.1.1",
          "package_slug": "maven/org.apache.rocketmq/rocketmq-namesrv",
          "pubdate": "2023-07-06",
          "solution": "Upgrade to versions 4.9.6, 5.1.1 or above.",
          "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-33246",
            "https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp",
            "https://github.com/apache/rocketmq/commit/9d411cf04a695e7a3f41036e8377b0aa544d754d",
            "https://github.com/apache/rocketmq/commit/c3ada731405c5990c36bf58d50b3e61965300703",
            "http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html",
            "http://www.openwall.com/lists/oss-security/2023/07/12/1",
            "https://github.com/advisories/GHSA-x3cq-8f32-5f63"
          ],
          "uuid": "67931e40-c587-4f9b-9a17-9940ee99b558"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.1.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2023-33246"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.\u00a0\n\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.\u00a0\n\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above\u00a0for using RocketMQ 5.x\u00a0or 4.9.6 or above for using RocketMQ 4.x .\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp"
            },
            {
              "name": "http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2023/07/12/1",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2023/07/12/1"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-07-12T12:15Z",
      "publishedDate": "2023-05-24T15:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-33246 (GCVE-0-2023-33246)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

CNVD-2023-42971

FKIE_CVE-2023-33246

GHSA-X3CQ-8F32-5F63

GSD-2023-33246

Tags

Sightings

Nomenclature