Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apache RocketMQ NameServer 远程代码执行漏洞(CVE-2023-37582) #34

Open
y1ong opened this issue Jul 12, 2023 · 0 comments
Open

Apache RocketMQ NameServer 远程代码执行漏洞(CVE-2023-37582) #34

y1ong opened this issue Jul 12, 2023 · 0 comments
Labels
vuln

Comments

@y1ong
Copy link
Owner

y1ong commented Jul 12, 2023

漏洞描述

Apache RocketMQ是一款低延迟、高并发、高可用、高可靠的分布式消息中间件。CVE-2023-37582 中,由于对 CVE-2023-33246 修复不完善,导致在Apache RocketMQ NameServer 存在未授权访问的情况下,攻击者可构造恶意请求以RocketMQ运行的系统用户身份执行命令。

参考链接

  1. Fix incorrect naming apache/rocketmq#6843
@y1ong y1ong added the vuln label Jul 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
vuln
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@y1ong