cnvd - cnvd-2024-33810

cnvd-2024-33810

Vulnerability from cnvd

Title: Apache RocketMQ信息泄露漏洞

Description:

Apache RocketMQ是美国阿帕奇（Apache）基金会的一款轻量级的数据处理平台和消息传递引擎。

Apache RocketMQ存在信息泄露漏洞，攻击者可利用该漏洞通过特定接口获取管理员的帐户和密码。

Severity: 中

Patch Name: Apache RocketMQ信息泄露漏洞的补丁

Patch Description:

Apache RocketMQ是美国阿帕奇（Apache）基金会的一款轻量级的数据处理平台和消息传递引擎。

Apache RocketMQ存在信息泄露漏洞，攻击者可利用该漏洞通过特定接口获取管理员的帐户和密码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/lr8npobww786nrnddd1pcy974r17c830

Reference: https://cxsecurity.com/cveshow/CVE-2024-23321/

Impacted products

Name
Apache RocketMQ >=4.5.2，<=5.2.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-23321"
    }
  },
  "description": "Apache RocketMQ\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u8f7b\u91cf\u7ea7\u7684\u6570\u636e\u5904\u7406\u5e73\u53f0\u548c\u6d88\u606f\u4f20\u9012\u5f15\u64ce\u3002\n\nApache RocketMQ\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u5b9a\u63a5\u53e3\u83b7\u53d6\u7ba1\u7406\u5458\u7684\u5e10\u6237\u548c\u5bc6\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/lr8npobww786nrnddd1pcy974r17c830",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-33810",
  "openTime": "2024-07-29",
  "patchDescription": "Apache RocketMQ\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u8f7b\u91cf\u7ea7\u7684\u6570\u636e\u5904\u7406\u5e73\u53f0\u548c\u6d88\u606f\u4f20\u9012\u5f15\u64ce\u3002\r\n\r\nApache RocketMQ\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u5b9a\u63a5\u53e3\u83b7\u53d6\u7ba1\u7406\u5458\u7684\u5e10\u6237\u548c\u5bc6\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache RocketMQ\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache RocketMQ \u003e=4.5.2\uff0c\u003c=5.2.0"
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2024-23321/",
  "serverity": "\u4e2d",
  "submitTime": "2024-07-24",
  "title": "Apache RocketMQ\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2024-23321 (GCVE-0-2024-23321)

Vulnerability from cvelistv5

Published

2024-07-22 09:24

Modified

2025-02-13 17:39

Severity ?

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Summary

For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions. An attacker, possessing regular user privileges or listed in the IP whitelist, could potentially acquire the administrator's account and password through specific interfaces. Such an action would grant them full control over RocketMQ, provided they have access to the broker IP address list. To mitigate these security threats, it is strongly advised that users upgrade to version 5.3.0 or newer. Additionally, we recommend users to use RocketMQ ACL 2.0 instead of the original RocketMQ ACL when upgrading to version Apache RocketMQ 5.3.0.

References

▼	URL	Tags
	https://lists.apache.org/thread/lr8npobww786nrnddd1pcy974r17c830	vendor-advisory
	http://www.openwall.com/lists/oss-security/2024/07/22/1

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache RocketMQ	Version: 4.5.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:rocketmq:4.5.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "rocketmq",
            "vendor": "apache",
            "versions": [
              {
                "lessThanOrEqual": "5.2.0",
                "status": "affected",
                "version": "4.5.2",
                "versionType": "maven"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23321",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T13:39:51.418149Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-23T13:46:38.314Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.182Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/lr8npobww786nrnddd1pcy974r17c830"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/07/22/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.rocketmq:rocketmq-broker",
          "product": "Apache RocketMQ",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "5.2.0",
              "status": "affected",
              "version": "4.5.2",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "BaoChengZhang (LengJingQiCaiSecurityLab)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eFor RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions.\u003c/p\u003e\n\n\u003cp\u003eAn attacker, possessing regular user privileges or listed in the IP whitelist, could potentially acquire the administrator\u0027s account and password through specific interfaces. Such an action would grant them full control over RocketMQ, provided they have access to the broker IP address list.\u003c/p\u003e\n\n\u003cp\u003eTo mitigate these security threats, it is strongly advised that users upgrade to version 5.3.0 or newer. Additionally, we recommend users to use RocketMQ ACL 2.0 instead of the original RocketMQ ACL when upgrading to version Apache RocketMQ 5.3.0.\u003c/p\u003e\n\n\n\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions.\n\nAn attacker, possessing regular user privileges or listed in the IP whitelist, could potentially acquire the administrator\u0027s account and password through specific interfaces. Such an action would grant them full control over RocketMQ, provided they have access to the broker IP address list.\n\nTo mitigate these security threats, it is strongly advised that users upgrade to version 5.3.0 or newer. Additionally, we recommend users to use RocketMQ ACL 2.0 instead of the original RocketMQ ACL when upgrading to version Apache RocketMQ 5.3.0."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-22T09:25:06.584Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/lr8npobww786nrnddd1pcy974r17c830"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/07/22/1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache RocketMQ: Unauthorized Exposure of Sensitive Data",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-23321",
    "datePublished": "2024-07-22T09:24:15.807Z",
    "dateReserved": "2024-01-15T12:24:37.592Z",
    "dateUpdated": "2025-02-13T17:39:41.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted