admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2023-33246.md

Browse Source 
CVE-2023-33246
This commit is contained in:
Goby 2023-06-16 21:28:17 +08:00 committed by GitHub
parent a1f4aa29ea
commit c3617e1e77
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2023-33246.md Normal file
View File

@ -0,0 +1,12 @@
## RocketMQ Broker rocketmqHome Config Remote Command Execution Vulnerability (CVE-2023-33246)
| **Vulnerability** | **RocketMQ Broker rocketmqHome Config Remote Command Execution Vulnerability (CVE-2023-33246)** |
| :----: | :-----|
| **Chinese name** | RocketMQ Broker rocketmqHome Config 远程命令执行漏洞CVE-2023-33246 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [protocol="rocketmq-broker"](https://en.fofa.info/result?qbase64=cHJvdG9jb2w9InJvY2tldG1xLWJyb2tlciI%3D) |
| **Number of assets affected** | 10087 |
| **Description** | Apache RocketMQ is a lightweight data processing platform and messaging engine developed by the Apache Software Foundation in the United States. There is a code injection vulnerability in Apache RocketMQ 5.1.0 and earlier versions, which originates from a remote command execution vulnerability. Attackers can exploit this vulnerability to execute commands with system user privileges using the update configuration function. |
| **Impact** | There is a code injection vulnerability in Apache RocketMQ 5.1.0 and earlier versions, which originates from a remote command execution vulnerability. Attackers can exploit this vulnerability to execute commands with system user privileges using the update configuration function. |
![](https://github.com/gobysec/GobyVuls/blob/master/CVE-2023-33246.gif)