A vulnerability was found in Apache RocketMQ where, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are exposed on the extranet and lack permission verification. This flaw allows an attacker to use the update configuration function to execute commands as the system user that RocketMQ is running as.
History
Wed, 09 Oct 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability was found in Apache RocketMQ where, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. This flaw allows an attacker to use the update configuration function to execute commands as the system users that RocketMQ is running as. | |
Title | rocketmq: Apache RocketMQ Arbitrary Code Injection | |
Weaknesses | CWE-94 | |
References | | |
Metrics | threat_severity | cvssV3_1 |