18 matches found
VulnCheck KEV: CVE-2023-37582
The RocketMQ NameServer component still has a remote command execution vulnerability, as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer addresses are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...
Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
Muhstik botnet exploits a critical Apache RocketMQ flaw CVE-2023-33246 for remote code execution, targeting Linux servers and IoT devices for DDoS attacks and cryptocurrency mining. Infection involves executing a shell script from a remote IP, downloading the Muhstik malware binary "pty3", and...
Exploit for Code Injection in Apache Rocketmq
CVE-2023-33246 RocketMQ RCE EXP CVE-2023-33246 RocketMQ Remote...
Attacks, Vulnerabilities and Actors 4 September to 10 September 2023
For a detailed threat digest, download the PDF file here. Summary: HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of ten executed attacks, one instance of adversary activity, and six vulnerabilities...
CISA Adds One Known Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-33246 Apache RocketMQ Command Execution Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant...
Arbitrary Code Injection
org.apache.rocketmq, rocketmq-namesrv is vulnerable to Remote Code Execution (RCE). The vulnerability exists because the library allows updating the config path at runtime, allowing an attacker to inject and execute malicious code through the update configuration function by forging the RocketMQ...
Exploit for Code Injection in Apache Rocketmq
CVE-2023-37582 EXPLOIT Apache RocketMQ Arbitrary File Write Vu...
Design/Logic Flaw
The RocketMQ NameServer component still has a remote command execution vulnerability, as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer addresses are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...
Apache RocketMQ 5.1.0 Arbitrary Code Injection Exploit
RocketMQ versions 5.1.0 and below are vulnerable to arbitrary code injection. The Broker component of RocketMQ is leaked on the extranet and lacks permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that...
Metasploit Weekly Wrap-Up
Apache RocketMQ: We saw some great teamwork this week from jheysel-r7 and h00die to bring you an exploit module for CVE-2023-33246. In Apache RocketMQ version 5.1.0 and under, there is an access control issue which the module leverages to update the broker's configuration file without...
org.apache.rocketmq:rocketmq-dashboard (=2.0.0), org.apache.rocketmq:rocketmq-namesrv (>=5.0.0 <=5.1.0) +1 more potentially affected by CVE-2023-33246 via org.apache.rocketmq:rocketmq-controller (>=5.0.0 <=5.1.0)
org.apache.rocketmq:rocketmq-controller MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.1.0 Source cves: CVE-2023-33246 Source advisory: OSV:GHSA-X3CQ-8F32-5F63...
com.webank.defibus:defibus-namesrv (>=1.0.0 <=1.0.1), io.github.harvies.charon:charon-rockermq-namesrv (=0.0.6) +9 more potentially affected by CVE-2023-33246 via org.apache.rocketmq:rocketmq-namesrv (>=4.1.0-incubating <=4.9.5)
org.apache.rocketmq:rocketmq-namesrv MAVEN version =4.1.0-incubating, =1.0.0, =0.0.7, =1.2.0-release, =1.10.0-release, =1.9.0-release, =1.2.0-release, =1.9.0-release, =2.1.0, =4.1.0-incubating, =4.9.5 Source cves: CVE-2023-33246 Source advisory: OSV:GHSA-X3CQ-8F32-5F63...
org.apache.rocketmq:rocketmq-dashboard (=2.0.0), org.apache.rocketmq:rocketmq-test (>=5.0.0 <=5.1.0) potentially affected by CVE-2023-33246 via org.apache.rocketmq:rocketmq-namesrv (>=5.0.0 <=5.1.0)
org.apache.rocketmq:rocketmq-namesrv MAVEN version =5.0.0, =5.0.0, =5.1.0 Source cves: CVE-2023-33246 Source advisory: OSV:GHSA-X3CQ-8F32-5F63...
Exploit for Code Injection in Apache Rocketmq
CVE-2023-33246 Apache RocketMQ remote code execution vulnera...
CVE-2023-33246
creationtimestamp| type| source
---|---|---
2023-05-30 15:17:54+00:00| published-proof-of-concept| https://t.me/dilagrafie/3071
2023-05-30 15:54:33+00:00| published-proof-of-concept| https://t.me/proxybar/1551
2023-06-01 02:21:39+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/4466

...
CVE-2023-33246
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification; an attacker can exploit this vulnerability by...
CVE-2023-33246
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification; an attacker can exploit this vulnerability by...
CVE-2023-33246 Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification; an attacker can exploit this vulnerability by...